Home/ Questions/Q 4101194
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T20:39:55+00:00

I have a class that implements IAuthorizationPolicy. I set up a custom Principal object

  • 0

I have a class that implements IAuthorizationPolicy. I set up a custom Principal object based on the logged in user which has all of my base level roles (I have also done this using claims). Now I would like to change the roles that a particular principal has depending on a key value passed in as a message parameter.

The problem I am having is that the request message cannot be read in the authorization policy class because I don’t have access to write the message back to the request context. I can copy and read the message in a ServiceAuthorizationManager derived class using an override of the CheckAccess method. However, I have to ensure that the GetAuthorizationPolicies method has already been called prior to doing that.

I am looking for suggestions on how I can vary the roles on a principal, based on whether or not the message contains a particular parameter. Basically, when the Evaluate method id called on the policy I want to do something like this:

string myObjectId = null;

if (!messageCopy.IsEmpty)
{
    System.Xml.XmlDictionaryReader xdr = messageCopy.GetReaderAtBodyContents();
    xdr.ReadToDecendant("objectId");
    if (xdr.Read())
    {
        myObjectId = xdr.ReadContentAsString();
    }
    xdr.Close();
}
messageCopy.Close();

ClaimSet claims = (myObjectId != null) ?
    MapClaims(identity, myObjectId) : MapClaims(identity);

DefaultPrincipal principal = new DefaultPrincipal(identity, claims);
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    After an entire day of attempted failures, I gave up on trying to read the message body and used an easier method, adding a SOAP message header. When calling the service I now perform the following:

    using (new OperationContextScope((IContextChannel)myService)) {
    OperationContext.Current.OutgoingMessageHeaders.Add(
        MessageHeader.CreateHeader("objectId", "http://tempuri.org/", "object value"));
    myService.BeginMyOperation(parm, callback, state);
}

    Then in my service authorization policy’s Evaluate method I do this:

    int index = OperationContext.Current.IncomingMessageHeaders.FindHeader(
    "objectId", "http://tempuri.org/");

string myObjectId = (index < 0) ? null : 
    OperationContext.Current.IncomingMessageHeaders.GetHeader<string>(index);

ClaimSet claims = (myObjectId != null) ?
    MapClaims(identity, myObjectId) : MapClaims(identity);

DefaultPrincipal principal = new DefaultPrincipal(identity, claims);
    • 0