protected override bool CheckAccessCore(OperationContext operationContext) { // Find out the roleNames from the user database, for example, var roleNames = userManager.GetRoles(user.Id).ToArray(); var identity = operationContext.ServiceSecurityContext.PrimaryIdentity; Core.Module.Security.ISecurity _sec = new Core.Module.Security.Security(); var userP=_sec.DressUpPrincipal("dwalters");//identity.Name // if (userP.Identity.IsAuthenticated==false) var r = userP.Claims.Where(a => a.Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"); var roleNames = r.Select(a=>Enum.Parse(typeof(Core.Common.Enums.Permissions),a.Value).ToString()).ToArray(); //new string[] { "Customer" }; //operationContext.ServiceSecurityContext.PrimaryIdentity operationContext.ServiceSecurityContext.AuthorizationContext.Properties["Principal"] = new GenericPrincipal(userP.Identity, roleNames); return true; }
public override void Validate(string userName, string password) { // Debug.WriteLine("Check user name"); Core.Module.Security.ISecurity _sec = new Core.Module.Security.Security(); var authUser = _sec.Authenticate(userName, password); if (authUser.Identity.IsAuthenticated==false) { var msg = String.Format("Unknown Username {0} or incorrect password {1}", userName, password); //Trace.TraceWarning(msg); throw new FaultException(msg);//the client actually will receive MessageSecurityException. But if I throw MessageSecurityException, the runtime will give FaultException to client without clear message. } }