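/// <summary>
/// Swaps <see cref="Thread.CurrentPrincipal"/> for the duration of the inner handler call when the
/// transport-level identity carried by the request matches the sample user name, then restores it.
/// </summary>
/// <param name="request">Incoming request; its security message property carries the caller's identity.</param>
/// <param name="cancellationToken">Propagated unchanged to the inner handler.</param>
/// <returns>The response produced by the inner handler.</returns>
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    IPrincipal originalPrincipal = Thread.CurrentPrincipal;

    // The requestor's identity is available through the request message's security property.
    // Convert that identity to an IPrincipal and publish it on the thread so a later
    // authorization filter can use the role information to authorize the request.
    SecurityMessageProperty property = request.GetSecurityMessageProperty();
    if (property != null)
    {
        // ServiceSecurityContext and PrimaryIdentity are guarded the same way the other
        // helpers in this file guard them, so a request without either does not throw.
        ServiceSecurityContext context = property.ServiceSecurityContext;
        if (context != null && context.PrimaryIdentity != null && context.PrimaryIdentity.Name == "username")
        {
            // NOTE(review): the role is granted on the identity's name string alone; how
            // trustworthy that name is depends on the authentication scheme that produced
            // the identity — confirm before relying on this outside a sample.
            Thread.CurrentPrincipal = new GenericPrincipal(context.PrimaryIdentity, new string[] { "Administrators" });
        }
    }

    try
    {
        return await base.SendAsync(request, cancellationToken);
    }
    finally
    {
        // Put the original principal back so the elevated one does not outlive this handler.
        // The restore runs on whichever thread the continuation resumes on — presumably
        // acceptable for this host; verify if the principal must be thread-affine.
        Thread.CurrentPrincipal = originalPrincipal;
    }
}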
/// <summary>
/// Finds the client's X.509 certificate in the request's security context, if one was presented.
/// </summary>
/// <param name="request">Request whose security message property is inspected.</param>
/// <returns>
/// The certificate of the first <see cref="X509CertificateClaimSet"/> found in the authorization
/// context's claim sets, or null when the request carries no security property, no security
/// context, no authorization context, or no certificate claim set.
/// </returns>
/// <remarks>A null <paramref name="request"/> is rejected through the project's Error.ArgumentNull helper.</remarks>
private static X509Certificate2 RetrieveClientCertificate(HttpRequestMessage request)
{
    if (request == null)
    {
        throw Error.ArgumentNull("request");
    }

    // Each missing layer of the security context means "no certificate"; bail out early.
    SecurityMessageProperty securityProperty = request.GetSecurityMessageProperty();
    if (securityProperty == null || securityProperty.ServiceSecurityContext == null)
    {
        return null;
    }

    var authorizationContext = securityProperty.ServiceSecurityContext.AuthorizationContext;
    if (authorizationContext == null)
    {
        return null;
    }

    // Only the first certificate claim set is consulted; later ones are ignored.
    foreach (ClaimSet claimSet in authorizationContext.ClaimSets)
    {
        X509CertificateClaimSet certificateClaims = claimSet as X509CertificateClaimSet;
        if (certificateClaims != null)
        {
            return certificateClaims.X509Certificate;
        }
    }

    return null;
}
/// <summary>
/// Publishes the request's Windows identity as <see cref="Thread.CurrentPrincipal"/>.
/// </summary>
/// <param name="request">Request whose security message property supplies the identity.</param>
/// <remarks>
/// Does nothing when the request has no security property, no security context, or when the
/// primary identity is not a <see cref="WindowsIdentity"/>. Unlike RetrieveClientCertificate,
/// a null <paramref name="request"/> is not guarded here.
/// </remarks>
private static void SetCurrentPrincipal(HttpRequestMessage request)
{
    SecurityMessageProperty securityProperty = request.GetSecurityMessageProperty();
    if (securityProperty == null || securityProperty.ServiceSecurityContext == null)
    {
        return;
    }

    // A null PrimaryIdentity also yields null here, so no separate null check is needed.
    WindowsIdentity windowsIdentity = securityProperty.ServiceSecurityContext.PrimaryIdentity as WindowsIdentity;
    if (windowsIdentity == null)
    {
        return;
    }

    Thread.CurrentPrincipal = new WindowsPrincipal(windowsIdentity);
}