Related to this question, I’m instantiating a connection to our internal API inside my custom UserNamePasswordValidator. Can I stash this somewhere so that I can use it in future calls in that user’s session?
This is similar to this question, but I’m not using IIS, so I can’t use HttpContext.Current (or can I?).
Update: Some context: our internal API is exposed via a COM object, which exposes a Login method. Rather than have a Login method in my service interface, I’ve got a custom UserNamePasswordValidator, which calls the Login method on the COM object.
Because instantiating the COM object and logging in is expensive, I’d like to re-use the now-logged-in COM object in my service methods.
Yes, it can. You’ll need:
- ServiceCredentials implementation that returns a custom SecurityTokenManager.
- SecurityTokenManager implementation that returns a custom CustomUserNameSecurityTokenAuthenticator.
- CustomUserNameSecurityTokenAuthenticator needs to override ValidateUserNamePasswordCore, and should add a custom implementation of IAuthorizationPolicy.
- IAuthorizationPolicy should implement Evaluate, at which point it can start putting things in the WCF context.
- evaluationContext["PrimaryIdentity"] value with a PasswordIdentity or a custom IIdentity.
- evaluationContext["Principal"] value with a PasswordPrincipal or a custom IPrincipal.
- evaluationContext["Identities"] collection to replace the GenericIdentity instance with your custom instance.

By doing this, you can have a custom IPrincipal implementation with some extra information in it.

For more details, see this.
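
The chain described in the answer above, as an added sketch that is not part of the original answer. ApiSession (a stand-in for the logged-in COM object) and the Session* class names are hypothetical; the login happens inside the authenticator so the resulting session can ride on the principal, and the password is never stored.

```csharp
// Added example: ApiSession and the Session* names are hypothetical stand-ins.
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Principal;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
public sealed class ApiSession {   // real code: create the COM object and call its Login here
    public ApiSession(string user, string pw) { if (string.IsNullOrEmpty(pw)) throw new SecurityTokenValidationException("login failed"); }
}
public sealed class SessionPrincipal : GenericPrincipal {
    public readonly ApiSession Session;   // keep the session, never the password
    public SessionPrincipal(IIdentity id, ApiSession s) : base(id, new string[0]) { Session = s; }
}
public sealed class SessionPolicy : IAuthorizationPolicy {
    private readonly SessionPrincipal principal;
    public SessionPolicy(SessionPrincipal p) { principal = p; }
    public string Id { get { return "SessionPolicy"; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }
    public bool Evaluate(EvaluationContext ctx, ref object state) {
        ctx.Properties["PrimaryIdentity"] = principal.Identity;
        ctx.Properties["Principal"] = principal;
        ctx.Properties["Identities"] = new List<IIdentity> { principal.Identity };
        return true;   // nothing left to evaluate on a later pass
    }
}
public sealed class SessionAuthenticator : CustomUserNameSecurityTokenAuthenticator {
    public SessionAuthenticator() : base(UserNamePasswordValidator.None) { }   // login is done below instead
    protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateUserNamePasswordCore(string user, string pw) {
        var p = new SessionPrincipal(new GenericIdentity(user, "ApiSession"), new ApiSession(user, pw));
        return new ReadOnlyCollection<IAuthorizationPolicy>(new IAuthorizationPolicy[] { new SessionPolicy(p) });
    }
}
public sealed class SessionTokenManager : ServiceCredentialsSecurityTokenManager {
    public SessionTokenManager(ServiceCredentials c) : base(c) { }
    public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement req, out SecurityTokenResolver resolver) {
        resolver = null;   // only username tokens are handled here; everything else goes to the base class
        return req.TokenType == SecurityTokenTypes.UserName ? new SessionAuthenticator() : base.CreateSecurityTokenAuthenticator(req, out resolver);
    }
}
public sealed class SessionCredentials : ServiceCredentials {
    public SessionCredentials() { }
    private SessionCredentials(SessionCredentials other) : base(other) { }
    protected override ServiceCredentials CloneCore() { return new SessionCredentials(this); }
    public override SecurityTokenManager CreateSecurityTokenManager() { return new SessionTokenManager(this); }
}
```

Replace the host's default ServiceCredentials behavior with SessionCredentials; a service method can then read the principal back from ServiceSecurityContext.Current.AuthorizationContext.Properties["Principal"] and use its Session.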