Esempio n. 1
        /// <summary>
        /// Checks a user name / password pair and throws when it is not accepted.
        /// </summary>
        /// <param name="userName">User name supplied by the caller; must not be null or empty.</param>
        /// <param name="password">Password supplied by the caller; must not be null or empty.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="userName"/> or <paramref name="password"/> is null or empty
        /// (the user name is checked first).
        /// </exception>
        /// <exception cref="SecurityTokenException">
        /// <c>AuthUserManager.CheckUser</c> returned false for the pair.
        /// </exception>
        /// <remarks>
        /// One message is used for every rejection, so the caller cannot tell an unknown
        /// user name from a wrong password.
        /// NOTE(review): the base class is not visible in this excerpt; presumably a WCF
        /// user-name/password validator - confirm.
        /// </remarks>
        public override void Validate(string userName, string password)
        {
            // Refuse missing credentials before touching the user store.
            if (string.IsNullOrEmpty(userName))
            {
                throw new ArgumentNullException("userName");
            }

            if (string.IsNullOrEmpty(password))
            {
                throw new ArgumentNullException("password");
            }

            // The credential check itself is delegated to AuthUserManager.
            bool accepted = AuthUserManager.CheckUser(userName, password);
            if (accepted)
            {
                return;
            }

            throw new SecurityTokenException("Unknown username or password");
        }
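        /// <summary>
        /// Authorizes an operation call using the custom "UserName" and "Password" message
        /// headers (namespace <c>Ns</c>) of the current request.
        /// </summary>
        /// <param name="operationName">Name of the operation being invoked; used in the log entry and in the exception message.</param>
        /// <param name="inputs">Operation arguments; not inspected here.</param>
        /// <returns><c>null</c> when <c>AuthUserManager.CheckUser</c> accepts the header credentials.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// A credential header is missing, a credential value is empty, or the pair is rejected.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the password is read as a plain header value, so it is only as
        /// confidential as the binding's transport or message protection - confirm the
        /// endpoint enforces one.
        /// </remarks>
        public object BeforeCall(string operationName, object[] inputs)
        {
            var headers = OperationContext.Current.IncomingMessageHeaders;

            // Require both headers. GetHeader throws when the named header is absent, so a
            // request carrying only "UserName" would otherwise fail with a header exception
            // instead of the authorization failure below (and would skip the log entry).
            bool hasCredentials = headers.FindHeader("UserName", Ns) != -1
                                  && headers.FindHeader("Password", Ns) != -1;

            if (hasCredentials)
            {
                string userName = headers.GetHeader<string>("UserName", Ns);
                string password = headers.GetHeader<string>("Password", Ns);

                // Same rule as Validate: empty credentials are never passed to the user store.
                if (!string.IsNullOrEmpty(userName)
                    && !string.IsNullOrEmpty(password)
                    && AuthUserManager.CheckUser(userName, password))
                {
                    return null;
                }
            }

            // NOTE(review): GetHeaders() is defined outside this excerpt. If it dumps every
            // incoming header, the "Password" header value is written to the error log on each
            // rejected call; confirm that it redacts credentials.
            Dev.Log.Loger.Error("非法调用" + operationName + "\r\n" + this.GetHeaders());

            throw new UnauthorizedAccessException(operationName + "未经授权的调用");
        }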