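/// <summary>
/// Maps the transport-level identity attached to <paramref name="request"/> onto
/// <see cref="Thread.CurrentPrincipal"/> for the duration of the inner handler call,
/// then restores the principal that was current on entry.
/// </summary>
/// <param name="request">The incoming request; its security message property carries the caller's identity.</param>
/// <param name="cancellationToken">Token passed through to the inner handler.</param>
/// <returns>The response produced by the inner handler.</returns>
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            IPrincipal originalPrincipal = Thread.CurrentPrincipal;

            // The requestor's identity is available through the request's security message property.
            // It is wrapped in an IPrincipal here so that a later authorization filter can use the
            // role information to authorize the request.
            SecurityMessageProperty property = request.GetSecurityMessageProperty();
            if (property != null)
            {
                ServiceSecurityContext context = property.ServiceSecurityContext;

                // Guard the whole chain, as SetCurrentPrincipal does: a property with no security
                // context or no primary identity must leave the caller without the elevated role
                // instead of failing the request with a NullReferenceException.
                if (context != null && context.PrimaryIdentity != null)
                {
                    // SECURITY: the literal "username" and the fixed "Administrators" role are sample
                    // placeholders. Any caller whose authenticated name equals this literal is treated
                    // as an administrator; a deployment should resolve roles from its identity store.
                    // NOTE(review): this relies on the transport having authenticated the identity;
                    // IsAuthenticated is not checked here - confirm that is intended.
                    if (context.PrimaryIdentity.Name == "username")
                    {
                        Thread.CurrentPrincipal = new GenericPrincipal(context.PrimaryIdentity, new string[] { "Administrators" });
                    }
                }
            }

            try
            {
                return await base.SendAsync(request, cancellationToken);
            }
            finally
            {
                // Always drop the per-request principal so the elevated role does not leak into
                // unrelated work. NOTE(review): after the await this may run on a different thread
                // than the one that captured originalPrincipal - confirm the host's principal flow.
                Thread.CurrentPrincipal = originalPrincipal;
            }
        }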
        /// <summary>
        /// Returns the X.509 client certificate found in the request's authorization claim sets,
        /// or <c>null</c> when the request carries no security property, no security context,
        /// no authorization context, or no certificate claim set.
        /// </summary>
        /// <remarks>
        /// This method only extracts the certificate; it performs no validation of its own.
        /// A non-null result is not an authorization decision.
        /// </remarks>
        /// <param name="request">The incoming request; must not be <c>null</c>.</param>
        /// <returns>The certificate of the first <see cref="X509CertificateClaimSet"/>, or <c>null</c>.</returns>
        private static X509Certificate2 RetrieveClientCertificate(HttpRequestMessage request)
        {
            if (request == null)
            {
                throw Error.ArgumentNull("request");
            }

            SecurityMessageProperty securityProperty = request.GetSecurityMessageProperty();
            if (securityProperty == null)
            {
                return null;
            }

            ServiceSecurityContext securityContext = securityProperty.ServiceSecurityContext;
            if (securityContext == null || securityContext.AuthorizationContext == null)
            {
                return null;
            }

            // The first claim set that is certificate-backed wins; later ones are not inspected.
            foreach (ClaimSet candidate in securityContext.AuthorizationContext.ClaimSets)
            {
                X509CertificateClaimSet certificateClaims = candidate as X509CertificateClaimSet;
                if (certificateClaims != null)
                {
                    return certificateClaims.X509Certificate;
                }
            }

            return null;
        }
        /// <summary>
        /// Sets <see cref="Thread.CurrentPrincipal"/> to a <see cref="WindowsPrincipal"/> when the
        /// request's primary identity is a <see cref="WindowsIdentity"/>; otherwise does nothing.
        /// </summary>
        /// <remarks>
        /// The previous principal is not saved or restored here; any restoring is left to the caller.
        /// </remarks>
        /// <param name="request">The incoming request whose security message property is inspected.</param>
        private static void SetCurrentPrincipal(HttpRequestMessage request)
        {
            SecurityMessageProperty securityProperty = request.GetSecurityMessageProperty();
            if (securityProperty == null)
            {
                return;
            }

            ServiceSecurityContext securityContext = securityProperty.ServiceSecurityContext;
            if (securityContext == null)
            {
                return;
            }

            // A null or non-Windows primary identity yields null from the cast, so the
            // thread principal is left untouched in both cases.
            WindowsIdentity callerIdentity = securityContext.PrimaryIdentity as WindowsIdentity;
            if (callerIdentity == null)
            {
                return;
            }

            Thread.CurrentPrincipal = new WindowsPrincipal(callerIdentity);
        }