I need to extend built-in WCF authentication, so my new one should work side-by-side with built-in ones.
For instance, I want to allow access from a registered IP (custom auth) or with username+password (built-in auth).
I’ve successfully implemented ServiceAuthenticationManager and ServiceAuthorizationManager.
ServiceAuthenticationManager.Authenticate simply adds an IPrincipal implementation to the message properties; ServiceAuthorizationManager.CheckAccessCore copies the IPrincipal from the incoming message properties to the AuthorizationContext properties.
However, ServiceAuthenticationManager.Authenticate is completely broken for standard mechanisms, even if I return authPolicy or the result of the base.Authenticate call.
Maybe I went in the wrong direction? What is the correct way to add custom WCF authentication without affecting the existing ones? How do I fall back to built-in authentication if the custom one fails?
Correct approach:
Set up the ServiceHost in an OnOpening override.
In the Evaluate method of the custom policy, assign three properties of the evaluation context: "PrimaryIdentity" to an IIdentity, "Identities" to a collection of identities, and "Principal" to an IPrincipal.
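
A sketch of the two steps above, as an added example rather than code from the original post. The class names `RegisteredIpPolicy` and `SideBySideHost`, the allow-list address, and the wiring through `ExternalAuthorizationPolicies` with `PrincipalPermissionMode.Custom` are assumptions; it also assumes built-in authentication has already filled "Identities" by the time the policy runs.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Linq;
using System.Net;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;

public sealed class RegisteredIpPolicy : IAuthorizationPolicy
{
    // Constructed allow-list (documentation address); real entries would come from configuration.
    static readonly HashSet<IPAddress> Registered = new HashSet<IPAddress> { IPAddress.Parse("192.0.2.10") };
    public string Id { get; } = Guid.NewGuid().ToString();
    public ClaimSet Issuer => ClaimSet.System;

    public bool Evaluate(EvaluationContext context, ref object state)
    {
        // Prefer an identity already established by built-in authentication (e.g. username+password).
        object found, prop = null;
        context.Properties.TryGetValue("Identities", out found);
        IIdentity identity = (found as IList<IIdentity>)?.FirstOrDefault(i => i.IsAuthenticated);
        // Otherwise fall back to the custom check on the transport-level peer address.
        OperationContext.Current?.IncomingMessageProperties.TryGetValue(RemoteEndpointMessageProperty.Name, out prop);
        var remote = prop as RemoteEndpointMessageProperty;
        IPAddress peer;
        if (identity == null && remote != null && IPAddress.TryParse(remote.Address, out peer) && Registered.Contains(peer))
            identity = new GenericIdentity("ip:" + peer, "RegisteredIp");
        // Neither mechanism succeeded: publish an unauthenticated identity so access checks deny.
        if (identity == null) identity = new GenericIdentity(string.Empty);
        context.Properties["PrimaryIdentity"] = identity;
        context.Properties["Identities"] = new List<IIdentity> { identity };
        context.Properties["Principal"] = new GenericPrincipal(identity, new string[0]); // no roles assigned here
        return true; // evaluation finished; no further calls needed
    }
}

public sealed class SideBySideHost : ServiceHost
{
    public SideBySideHost(Type serviceType, params Uri[] baseAddresses) : base(serviceType, baseAddresses) { }
    protected override void OnOpening()
    {
        Authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
        Authorization.ExternalAuthorizationPolicies = new List<IAuthorizationPolicy> { new RegisteredIpPolicy() }.AsReadOnly();
        base.OnOpening();
    }
}
```

The address in `RemoteEndpointMessageProperty` is the immediate TCP peer, so behind a reverse proxy or NAT it identifies the proxy rather than the client; the allow-list only means something when the service sees client connections directly.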