Get the username from any service (Secured)

Topics: Security, Users and roles
Mar 28, 2007 at 4:18 PM
Hi,
First I would like to thank you for the great job you guys did with this project.

I have a problem: I would like to get OperationContext.Current.IncomingMessageProperties[ClaimTypes.Name] from my service call. I can get it in the Ping method of the SystemService. Correct, it is the first call to the service; I create the SecurityToken. But then the SecurityToken is in the cache and there is no longer any way to get an "OperationContext.Current"; it is simply null on any other service request.

Any solution?
Mar 28, 2007 at 6:07 PM
Make sure you have configured the ActionAuthorizationManager (serviceAuthorization tag).
This config goes on the service host.
This class will grab the claims from the token and put them in the IncomingMessageProperties.

 
<behaviors>
  <serviceBehaviors>
    <behavior name="SecureConversationBehavior">
      <serviceAuthorization serviceAuthorizationManagerType="Shp.Security.BrokeredReceiver.ActionAuthorizationManager, Shp.Security.BrokeredReceiver"/>
      <serviceCredentials type="Shp.Security.BrokeredReceiver.StsServiceCredentials, Shp.Security.BrokeredReceiver">
        <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" findValue="CN=SaasyLongTailCert"/>
        <issuedTokenAuthentication>
          <knownCertificates>
            <add storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectDistinguishedName" findValue="CN=SaasyLongTailCert"/>
            <!-- AuthzSTS -->
          </knownCertificates>
        </issuedTokenAuthentication>
      </serviceCredentials>
      <serviceMetadata httpGetEnabled="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
 

Let me know if this helps
Matias
http://staff.southworks.net/blogs/matiaswoloski
Mar 29, 2007 at 8:45 AM
Thanks Matias for the reply. I already did this, see below:

<bindings>
  <wsFederationHttpBinding>
    <!-- This is the binding for the clients requesting tokens from this STS. It redirects clients to the Authentication STS -->
    <binding name="AuthorizationSTS" bypassProxyOnLocal="True" maxReceivedMessageSize="1000000">
      <security mode="Message">
        <message issuedKeyType="SymmetricKey" issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
          <issuerMetadata address="http://localhost:1414/Authentication/SecurityTokenService.svc/mex">
            <identity>
              <!-- AuthSTS  CN -->
              <dns value="BComServCert"/>
            </identity>
          </issuerMetadata>
        </message>
      </security>
    </binding>
  </wsFederationHttpBinding>
</bindings>
<behaviors>
  <serviceBehaviors>
    <behavior name="MyServiceTypeBehaviors">
      <!--<behavior name="SecureConversationBehavior">-->
      <serviceAuthorization serviceAuthorizationManagerType="Shp.Security.BrokeredReceiver.ActionAuthorizationManager, Shp.Security.BrokeredReceiver"/>
      <serviceCredentials type="Shp.Security.BrokeredReceiver.StsServiceCredentials, Shp.Security.BrokeredReceiver">
        <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" findValue="CN=BComServCert"/>
        <issuedTokenAuthentication>
          <knownCertificates>
            <add storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectDistinguishedName" findValue="CN=BComServCert"/>
            <!-- AuthzSTS -->
          </knownCertificates>
        </issuedTokenAuthentication>
      </serviceCredentials>
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="True"/>
    </behavior>
  </serviceBehaviors>
</behaviors>

I put some hack code in my Ping method:

using System.ServiceModel; // OperationContext

public class SystemService : ISystemSC, ISystemUC
{
    public void Ping()
    {
        // Read the name claim from the incoming message properties of the current call.
        string username = (string)OperationContext.Current.IncomingMessageProperties[ClaimTypes.Name];
    }
    ...
}

If I check at this point, OperationContext.Current is provided and I get the UserName of the user.

But if I try to do it in any other Secured Service method, other than the service "SystemService", OperationContext.Current == null.

All the client service endpoints have behaviorConfiguration="WebCachingBehavior". It is important to us to keep this behavior, as we don't want to keep the user credential and password on the client side.

Regards

Alex Cuva
Mar 29, 2007 at 6:09 PM
Hi Matias,

OK, I found my problem. It was very simple: I was trying to get the OperationContext from a static ctor before any service method was called.

Thanks
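
An added example (not code from this thread or from the project) of the root cause found in the last post: the broken static-constructor read next to a per-call lookup that fails closed. It assumes the authorization manager stores the name claim in IncomingMessageProperties under the key ClaimTypes.Name; OrderService, PlaceOrder, CallerIdentity and GetUserName are hypothetical names.

```csharp
using System;
using System.IdentityModel.Claims;
using System.ServiceModel;
using System.ServiceModel.Security;

public class OrderService // hypothetical secured service
{
    // Broken: a static constructor / static initializer runs once per AppDomain,
    // whenever the type is first touched, which can be before any operation is
    // dispatched, so OperationContext.Current may be null here. Even if it were
    // non-null, a static field would hand the first caller's identity to every
    // later caller.
    //
    // static readonly string User =
    //     (string)OperationContext.Current.IncomingMessageProperties[ClaimTypes.Name];

    public void PlaceOrder()
    {
        // Resolve the caller on every call, inside the operation itself.
        string user = CallerIdentity.GetUserName();
        // ... authorize and act on behalf of 'user' ...
    }
}

public static class CallerIdentity // hypothetical helper
{
    public static string GetUserName()
    {
        OperationContext ctx = OperationContext.Current;
        if (ctx == null)
        {
            // Called from a static ctor, a background thread, or outside WCF dispatch.
            throw new InvalidOperationException(
                "No OperationContext: call this from the thread executing a service operation.");
        }

        // Assumption: the name claim is stored under the key ClaimTypes.Name.
        object value;
        if (!ctx.IncomingMessageProperties.TryGetValue(ClaimTypes.Name, out value))
            throw new SecurityAccessDeniedException("No name claim on the incoming message.");

        string name = value as string;
        if (string.IsNullOrEmpty(name))
            throw new SecurityAccessDeniedException("Name claim is empty or not a string.");

        return name; // never cache this in static state; it belongs to this call only
    }
}
```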