我已经创建了一个WCF DataService,对于这个服务,我需要通过使用HTTP Headers进行一些自定义身份验证。所以我写了一些特殊的函数来验证这些信息,或者当他不被允许看到它时在用户的脸上抛出403页。
为了方便我自己,我试图覆盖OnStartProcessingRequest以在每次调用时执行此检查,但由于某种原因,我的代码/ WCF服务从不调用此函数:S
这是WCF服务的代码:
using System;
using System.Data.Services;
using System.Linq;
using System.Text;
using System.Web;
namespace TenForce.Execution.Web.OData
{
public class TenForceApi : DataService<Entities>
{
// This method is called only once to initialize service-wide policies.
public static void InitializeService(IDataServiceConfiguration config)
{
config.SetEntitySetAccessRule("*", EntitySetRights.All);
config.UseVerboseErrors = true;
config.SetServiceOperationAccessRule("*", ServiceOperationRights.All);
}
/// <summary>
/// <para>This function is called prior to handeling requests. The function will perform basic
/// authentication using the Headers supplied by the client.</para>
/// </summary>
/// <param name="args">The arguments supplied for this call.</param>
protected override void OnStartProcessingRequest(ProcessRequestArgs args)
{
HttpContext context = HttpContext.Current;
string customAuthHeader = ExtractAuthenticationToken(context);
ValidateAuthentication(customAuthHeader.Split('|'), context);
base.OnStartProcessingRequest(args);
}
#region Private Members
/// <summary>
/// <para>This function will extract the custom tenforce authentication header from the
/// http context and return the value of that header. If the header cannot be found, a
/// DataServiceException is thrown.</para>
/// </summary>
/// <param name="context">The HttpContext object containing the custom HTTP header.</param>
/// <returns>The value of the header</returns>
/// <exception cref="DataServiceException">No Authentication Header provided.</exception>
private static string ExtractAuthenticationToken(HttpContext context)
{
if (!context.Request.Headers.AllKeys.Contains(@"TenForce-Auth"))
throw new DataServiceException(403, @"No authentication header provided.");
return Encoding.UTF8.GetString(Convert.FromBase64String(context.Request.Headers[@"TenForce-Auth"]));
}
/// <summary>
/// <para>Validates the authentication credentials stored inside the array.</para>
/// </summary>
/// <param name="values">Array holding the required authentication details.</param>
/// <param name="context">The HttpContext holding the Request and Response for this call.</param>
private static void ValidateAuthentication(string[] values, HttpContext context)
{
if (values.Length != 2) throw new DataServiceException(403, @"insufficient parameters provided for the authentication.");
string username = values[0] ?? string.Empty;
string password = values[1] ?? string.Empty;
string database = Api2.Implementation.Authenticator.ConstructDatabaseId(context.Request.Url.AbsoluteUri);
if (!Api2.Implementation.Authenticator.Authenticate(username, password, database))
{
AddResponseHeader(context, @"TenForce-RAuth", "DENIED");
throw new DataServiceException(403, @"Incorrect authentication credentials.");
}
}
/// <summary>
/// <para>Add the specific HTTP Header to the Response of the provided HttpContext.</para>
/// </summary>
/// <param name="context">The HttpContext object holding the HTTP Response.</param>
/// <param name="header">The name of the header to add to the response.</param>
/// <param name="value">The value of the header.</param>
private static void AddResponseHeader(HttpContext context, string header, string value)
{
if (!context.Request.ServerVariables[@"SERVER_SOFTWARE"].Contains(@"Microsoft-IIS/7."))
context.Response.AddHeader(header, value);
else
context.Response.Headers.Add(header, value);
}
#endregion
}
}
任何可以指出问题是什么的人?
答案 0 :(得分:0)
更多的评论而不是答案(如何添加评论?)但是看起来是一个非常相似的设置,我可以说具有上面签名的OnStartProcessingRequest()在这里被调用。虚拟其他这些也适合我。
protected override ent CreateDataSource() {}
protected override void HandleException(HandleExceptionArgs args) {}