I'm porting a recently developed asmx service to a WCF service. We have used WSE3.0 UsernameToken authentication for the asmx service. The service authenticates the username and password against AD and then gets a list of things the account can do for authorization.
I'm trying to do this with WCF. I've got the authentication working. The authorization is causing me problems. In the asmx service I read the username and password off the UsernameToken with this UsernameToken token = (UsernameToken)RequestSoapContext.Current.IdentityToken.
I can get the username and password in the WCF service using a custom UserNamePasswordValidator which works great but how is best to do the authorization? I can't do it in the custom validator because that is common to all services for the project. So I
have to do it at a later stage which means reading the username and password somehow (off the channel?)
View Complete Post