J'ai créé un DataService WCF et, pour ce service, j'ai besoin d'une authentification personnalisée à l'aide d'en-têtes HTTP. J'ai donc écrit des fonctions spéciales qui valident ces informations ou renvoient une page 403 à l'utilisateur lorsqu'il n'est pas autorisé à y accéder.
DataService : OnStartProcessingRequest non appelé
Pour me faciliter la tâche, j'ai essayé de redéfinir OnStartProcessingRequest afin d'effectuer cette vérification à chaque appel, mais, pour une raison quelconque, cette fonction n'est jamais appelée par mon code/service WCF :S
Voici le code du service WCF :
using System;
using System.Data.Services;
using System.Linq;
using System.Text;
using System.Web;
namespace TenForce.Execution.Web.OData
{
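/// <summary>
/// WCF Data Service exposing <c>Entities</c>. Each request is expected to carry a
/// custom <c>TenForce-Auth</c> header holding Base64("username|password"), which is
/// checked in <see cref="OnStartProcessingRequest"/> before the request is processed.
/// </summary>
/// <remarks>
/// Base64 is an encoding, not encryption: the header carries the password in a
/// trivially reversible form, so the endpoint should only be reachable over TLS.
/// </remarks>
public class TenForceApi : DataService<Entities>
{
    /// <summary>Name of the request header that carries the encoded credentials.</summary>
    private const string AuthHeaderName = @"TenForce-Auth";

    /// <summary>
    /// Called only once to initialize service-wide policies.
    /// </summary>
    /// <param name="config">The configuration object of the data service.</param>
    public static void InitializeService(IDataServiceConfiguration config)
    {
        // NOTE(review): "*" + EntitySetRights.All grants read AND write access to every
        // entity set, so the header check in OnStartProcessingRequest is the only gate.
        // Prefer listing the entity sets and granting the narrowest rights each needs.
        config.SetEntitySetAccessRule("*", EntitySetRights.All);

        // NOTE(review): verbose errors return exception details to the client.
        // Useful while debugging; should be switched off on a production endpoint.
        config.UseVerboseErrors = true;

        // NOTE(review): same remark as for the entity sets, for service operations.
        config.SetServiceOperationAccessRule("*", ServiceOperationRights.All);
    }

    /// <summary>
    /// <para>This function is called prior to handling requests. The function will perform basic
    /// authentication using the headers supplied by the client.</para>
    /// </summary>
    /// <param name="args">The arguments supplied for this call.</param>
    /// <exception cref="DataServiceException">
    /// Status 403 when the header is missing, malformed, or the credentials are rejected.
    /// </exception>
    protected override void OnStartProcessingRequest(ProcessRequestArgs args)
    {
        HttpContext context = HttpContext.Current;
        string customAuthHeader = ExtractAuthenticationToken(context);

        // Split on the FIRST separator only, so that a password which itself contains
        // '|' is kept intact instead of being rejected by the length check.
        ValidateAuthentication(customAuthHeader.Split(new[] { '|' }, 2), context);

        base.OnStartProcessingRequest(args);
    }

    #region Private Members

    /// <summary>
    /// <para>Extracts the custom TenForce authentication header from the HTTP context,
    /// Base64-decodes it and returns the decoded UTF-8 text.</para>
    /// </summary>
    /// <param name="context">The HttpContext object containing the custom HTTP header.</param>
    /// <returns>The decoded value of the header.</returns>
    /// <exception cref="DataServiceException">
    /// Status 403 when there is no HTTP context, the header is absent or empty,
    /// or its value is not valid Base64.
    /// </exception>
    private static string ExtractAuthenticationToken(HttpContext context)
    {
        // Fail closed: HttpContext.Current is null when no ASP.NET context is available,
        // and without it there is nothing to authenticate against.
        if (context == null)
        {
            throw new DataServiceException(403, @"No authentication header provided.");
        }

        // Look the header up through the collection indexer instead of AllKeys.Contains:
        // HTTP header names are case-insensitive, while a Contains on the key array is an
        // exact, case-sensitive match and would reject e.g. "tenforce-auth".
        string encoded = context.Request.Headers[AuthHeaderName];
        if (string.IsNullOrEmpty(encoded))
        {
            throw new DataServiceException(403, @"No authentication header provided.");
        }

        try
        {
            return Encoding.UTF8.GetString(Convert.FromBase64String(encoded));
        }
        catch (FormatException)
        {
            // Client-controlled garbage must end in a clean denial, not in an unhandled
            // FormatException (which, with verbose errors on, would be echoed back).
            throw new DataServiceException(403, @"Malformed authentication header.");
        }
    }

    /// <summary>
    /// <para>Validates the authentication credentials stored inside the array.</para>
    /// </summary>
    /// <param name="values">Array holding exactly two items: username and password.</param>
    /// <param name="context">The HttpContext holding the Request and Response for this call.</param>
    /// <exception cref="DataServiceException">
    /// Status 403 when the array does not hold two items or the credentials are rejected.
    /// </exception>
    private static void ValidateAuthentication(string[] values, HttpContext context)
    {
        if (values.Length != 2)
        {
            throw new DataServiceException(403, @"insufficient parameters provided for the authentication.");
        }

        string username = values[0] ?? string.Empty;
        string password = values[1] ?? string.Empty;

        // The database identifier is derived from the request URL by a project helper.
        string database = Api2.Implementation.Authenticator.ConstructDatabaseId(context.Request.Url.AbsoluteUri);

        if (!Api2.Implementation.Authenticator.Authenticate(username, password, database))
        {
            AddResponseHeader(context, @"TenForce-RAuth", "DENIED");

            // Deliberately generic: do not reveal whether the user name or the password was wrong.
            throw new DataServiceException(403, @"Incorrect authentication credentials.");
        }
    }

    /// <summary>
    /// <para>Add the specific HTTP header to the Response of the provided HttpContext.</para>
    /// </summary>
    /// <param name="context">The HttpContext object holding the HTTP Response.</param>
    /// <param name="header">The name of the header to add to the response.</param>
    /// <param name="value">The value of the header.</param>
    private static void AddResponseHeader(HttpContext context, string header, string value)
    {
        // SERVER_SOFTWARE may be missing; treat that like "not IIS 7" instead of letting a
        // NullReferenceException replace the intended 403 with a server error.
        string serverSoftware = context.Request.ServerVariables[@"SERVER_SOFTWARE"];
        bool isIis7 = serverSoftware != null && serverSoftware.Contains(@"Microsoft-IIS/7.");

        if (isIis7)
        {
            context.Response.Headers.Add(header, value);
        }
        else
        {
            context.Response.AddHeader(header, value);
        }
    }

    #endregion
}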
}
Quelqu'un pourrait-il m'indiquer quel est le problème ?