c# - Authentication using HTTP Authorization Header in WCF SOAP API -


we have wcf soap api allows consumer authenticate using username , password (internally uses usernamepasswordvalidator) reference username , password passed in soap body follows:

<o:security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" mustunderstand="1"> <timestamp id="_0">     <created>         2013-04-05t16:35:07.341z</created>         <expires>2013-04-05t16:40:07.341z</expires>     </timestamp>     <o:usernametoken id="uuid-ac5ffd20-8137-4524-8ea9-3f4f55c0274c-12">         <o:username>someusername</o:username>         <o:password o:type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#passwordtext">somepassword     </o:password> </o:usernametoken> </o:security>

we additionally support consumer specify credentials in http authorization header, either basic auth, or oauth bearer token

we have several ways of doing authentication non-soap apis, not familiar how tell wcf use class might create this. how can accomplish this? other question have seen attempts answer here, accepted answer uses soap headers, not http headers, , asker gave up.

obviously solution needs backwards compatible - need continue support consumers specifying credentials in soap security header.

one of ways can go using messageinspectors.
this:

first - create message inspector - responsible add header credentials

using system; using system.collections.generic; using system.io; using system.text; using system.servicemodel.dispatcher; using system.servicemodel.channels; using system.servicemodel; using system.xml;  namespace your_namespace {       /// <summary>     /// /************************************     /// *      /// * creating message inspector      /// * updating outgoing messages caller identifier header     /// * read http://msdn.microsoft.com/en-us/magazine/cc163302.aspx     /// * more details     /// *      /// *********************/     /// </summary>     public class credentialsmessageinspector : idispatchmessageinspector,         iclientmessageinspector     {         public object afterreceiverequest(ref message request,             iclientchannel channel,             instancecontext instancecontext)         {             return null;         }          public void beforesendreply(ref message reply, object             correlationstate)         { #if debug             //// leave empty              //messagebuffer buffer = reply.createbufferedcopy(int32.maxvalue);             //message message = buffer.createmessage();             ////assign copy ref received             //reply = buffer.createmessage();               //stringwriter stringwriter = new stringwriter();             //xmltextwriter xmltextwriter = new xmltextwriter(stringwriter);             //message.writemessage(xmltextwriter);             //xmltextwriter.flush();             //xmltextwriter.close();              //string messagecontent = stringwriter.tostring(); #endif                      }          public void afterreceivereply(ref message reply, object             correlationstate)         { #if debug             //// leave empty              //messagebuffer buffer = reply.createbufferedcopy(int32.maxvalue);             //message message = buffer.createmessage();             ////assign copy ref received             //reply = buffer.createmessage();               //stringwriter stringwriter = new stringwriter();             //xmltextwriter xmltextwriter = new xmltextwriter(stringwriter);             //message.writemessage(xmltextwriter);             //xmltextwriter.flush();             //xmltextwriter.close();              //string messagecontent = stringwriter.tostring(); #endif         }          public object beforesendrequest(ref message request,             iclientchannel channel)         {             request = credentialshelper.addcredentialsheader(ref request);             return null;         }          #region idispatchmessageinspector members          #endregion     } }

second - add code add header

using system; using system.collections.generic; using system.linq; using system.runtime.compilerservices; using system.text; using system.servicemodel.channels; using system.servicemodel;  namespace your_namespace {      public class credentialshelper     {        // siple string example - can use data structure here         private static readonly string credentialsheadername = "mycredentials";         private static readonly string credentialsheadernamespace = "urn:urn_probably_like_your_namespance";          /// <summary>         /// update message credentials         /// </summary>         public static message addcredentialsheader(ref message request)         {            string user = "john";           string password = "doe";              string cred = string.format("{0},{1}",   user, password);              // add header             messageheader<string> header = new messageheader<string>(cred);             messageheader untyped = header.getuntypedheader(credentialsheadername, credentialsheadernamespace);              request = request.createbufferedcopy(int.maxvalue).createmessage();             request.headers.add(untyped);              return request;         }          /// <summary>         /// details of current credentials client-side added incoming headers         ///          /// return empty credentials when empty credentials specified          /// or when exception occurred         /// </summary>         public static string getcredentials()         {             string credentialdetails = string.empty;             try             {                 credentialdetails = operationcontext.current.incomingmessageheaders.                     getheader<string>                         (credentialsheadername, credentialsheadernamespace);             }             catch             {                     // todo: ...             }             return credentialdetails;         }      } }

third - credentials on server side

public void myserversidemethod() {    string credentials = credentialshelper.getcredentials();    . . .  }

hope helps.


Comments

Post a Comment

Popular posts from this blog

monitor web browser programmatically in Android? -

i've got tricky question here. need users make payment bank (namely barclaycard) in uk. so, have https url , add parameters (such amount pay, order reference, etc) url, start http connection intent.actionview, redirect user browser can enter credit card details on bank's webpage , make payment our account successfully. far ? the code use below (i changed values privacy reasons) problem is, need app when user has completed/failed/cancelled payment. barclaycardautomatically redirects particular url when payment has succeeded, 1 if failed. there no way of knowing when barclaycard payment has succeeded go android app somehow ? button cardbutton = (button) findviewbyid(r.id.card_button); cardbutton.setonclicklistener(new view.onclicklistener() { @override public void onclick(view arg0) { string prehashstring = new string(); string prohashstring = new string(); string shapassphrase = new string(); shapassphrase = "gsvth£h70zkh...
Read more

Shrink a YouTube video to responsive width -

i have youtube video embedded on our website , when shrink screen tablet or phone sizes stops shrinking @ around 560px in width. standard youtube videos or there can add code make go smaller? you can make youtube videos responsive css. wrap iframe in div class of "videowrapper" , apply following styles: .videowrapper { float: none; clear: both; width: 100%; position: relative; padding-bottom: 56.25%; padding-top: 25px; height: 0; } .videowrapper iframe { position: absolute; top: 0; left: 0; width: 100%; height: 100%; } the .videowrapper div should inside responsive element. padding on .videowrapper necessary keep video collapsing. may have tweak numbers depending upon layout.
Read more

wpf - PdfWriter.GetInstance throws System.NullReferenceException -

i'm trying create pdf document using itextsharp 5.3.4 using following document document = new document(); filestream stm = new filestream(filename, filemode.create); pdfwriter writer = pdfwriter.getinstance(document, stm); i'm getting system.nullreferenceexception following stack trace: system.nullreferenceexception occurred hresult=-2147467261 message=la référence d'objet n'est pas définie à une instance d'un objet. source=itextsharp stacktrace: à itextsharp.text.version.getinstance() innerexception: i've verified neither document nor stm null, , if select "continue" in vs12 document created - exception thrown. updated itextsharp 5.4.0 , it's still occurring. can't find information on anywhere - got ideas? make sure not catching exceptions. nullreferenceexception can 1 caught , handled inside itextsharp, don't care it. fact can continue supports theory. change following setting verify: debug -> exceptions ...
Read more