Home/ Questions/Q 9244477
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T09:02:38+00:00

I’m trying to design a web application that would user WCF services to access

  • 0

I’m trying to design a web application that would user WCF services to access data and provide business logic. So in general the whole system would look like that:

UI (ASP.NET MVC)
BusinessLayer (WCF Services)
DataLayer (Entity Framework)
Date (SQL Server Database)

All parts of the system will resist on the same, closed environment, so I’m going to use Certificates to secure ASP.NET <-> WCF connection. Database connection would use standard EF securities, Connection String and Windows Authentication.

The application has to provide authentication and authorization functionality. I’m going to move most of that into ASP.NET, so there will be ValidateUserAuth() service method, which will be used to validate credentials, but the result (with UserRole that user belongs to) will be then used by ASP to create user session.

After that, every Service Method call needs to know the UserRole of current user, to return proper results (or say ‘Access denied’ if it’s necessary). Problem is I don’t want to pass that UserRole as a parameter for every Service Method! I’d like to make it happen automatically. Is it even possible with WCF?

All I need is:

  • Every service call made from ASP.NET app will be extended with User data taken from current ASP Session.
  • Service Method invoked by that call will be able to recieve that User data and use it to provide results according to user permissions.
  • All this would happen somekind on background, so there will be no additional UserDetails method parameter added to every Service Method exposed from Service.

I read a lot about WCF itself, but found anything that could met my requirements. I hope I just missed it and it’s still possible.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I decided to use MessageInspector for that:

    On Client-side:

    Public Function BeforeSendRequest(ByRef request As System.ServiceModel.Channels.Message, channel As System.ServiceModel.IClientChannel) As Object Implements System.ServiceModel.Dispatcher.IClientMessageInspector.BeforeSendRequest
    Dim requestMessageProperty = New HttpRequestMessageProperty()

    Dim currentUser = Authentication.AuthenticatedStaffcareUser

    If currentUser Is Nothing Then Throw New ApplicationException()

    requestMessageProperty.Headers("UserName") = currentUser.UserName
    requestMessageProperty.Headers("UserId") = currentUser.UserID
    requestMessageProperty.Headers("UserRole") = currentUser.UserRole
    requestMessageProperty.Headers("EffectiveDate") = currentUser.EffectiveDate
    request.Properties(HttpRequestMessageProperty.Name) = requestMessageProperty

    Return Nothing
End Function

    And Server-side:

    Public Function AfterReceiveRequest(ByRef request As Message, channel As IClientChannel, instanceContext As InstanceContext) As Object Implements IDispatchMessageInspector.AfterReceiveRequest
    Dim messageProperty = CType(OperationContext.Current.IncomingMessageProperties(HttpRequestMessageProperty.Name), HttpRequestMessageProperty)

    Dim userName = messageProperty.Headers("UserName")
    Dim userId = Integer.Parse(messageProperty.Headers("UserId"))
    Dim userRole = messageProperty.Headers("UserRole")
    Dim effectiveDate = DateTime.Parse(messageProperty.Headers("EffectiveDate"))

    Dim identity = New AppServerUserIdentity(userName, userId, userRole, effectiveDate)
    Dim principal = New AppServerUserPrincipal(identity)

    Threading.Thread.CurrentPrincipal = principal

    Return Nothing
End Function

    I also had to set custom AuthorizationPolicy to prevent standard one from overwriting Thread.CurrentPrincipal:

    Public Function Evaluate(evaluationContext As EvaluationContext, ByRef state As Object) As Boolean Implements IAuthorizationPolicy.Evaluate

    Dim principal = TryCast(Threading.Thread.CurrentPrincipal, AppServerUserPrincipal)

    If principal Is Nothing Then
        Return False
    Else
        evaluationContext.Properties("Principal") = principal
        Return True
    End If
End Function
    • 0