
We are currently implementing WCF services in Sitecore to execute certain tasks. However, we want to secure and authenticate these interactions to keep the Sitecore security model intact.

We use the following configuration for the authentication (only relevant config and anonymised):

<service name="Services.MailService" behaviorConfiguration="serviceBehavior">
    <endpoint address="" binding="wsHttpBinding" contract="Interfaces.IMailService"/>
</service>
<behavior name="serviceBehavior">
    <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Services.Authentication.CustomServiceAuthentication, MyLibrary" />
    </serviceCredentials>
</behavior>
<wsHttpBinding>
    <binding>
        <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName" />
            <transport clientCredentialType="None">
            </transport>
        </security>
    </binding>
</wsHttpBinding>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true"/>

The custom validator inherits from UserNamePasswordValidator and logs the user in using the standard Sitecore.Security.Authentication.AuthenticationManager.Login() method. At this exact moment the user is indeed logged in and appears as Sitecore.Context.User. But when arriving in the WCF method itself, this authentication is gone (resulting in access exceptions from Sitecore, as the anonymous user does not have add item rights).

After a few tests and studying the interactions I noticed that the issue would be that WCF uses multiple messages and thus multiple HttpContexts are being used. The cookies and login are not being retained between the requests. Looking deeper, I noticed that the System.ServiceModel.ServiceSecurityContext.Current does retain the security login; however, it only shows up once entering the WCF method (i.e. it's not possible to use this in the Sitecore httpBeginRequest pipeline to identify and log in the user at the UserResolver).

How can I ensure both ASP.NET and WCF are properly authenticated throughout the call?

I'm guessing since the authentication is riding on the message and not the transport level that it isn't being picked up... - IvanL
Did you ever find a solution to this? Same problem here - geedubb
@geedubb I added the answer we used to resolve the issue - IvanL

1 Answer


In the end we ended up resolving this by including the following in the constructor of the service since our InstanceContextMode was set to PerCall:

// Handle login for Sitecore to sync with the WCF security context
if (ServiceSecurityContext.Current != null)
{
    AuthenticationManager.Login(
        string.Format("{0}\\{1}", "yoursitecoredomain", ServiceSecurityContext.Current.PrimaryIdentity.Name));
}
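
The split described in the question and answer, as an added example that is not code from the original posts: the validator only checks the password, and a base class for PerCall services maps the WCF identity to a Sitecore login. `ServiceAccounts`, `SitecoreAuthenticatedService` and `IsSitecoreAuthenticated` are hypothetical names, and `Membership.ValidateUser` is swapped in for the `AuthenticationManager.Login()` call the question's validator makes, assuming Sitecore's membership provider is the configured default.

```csharp
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.Web.Security;
using Sitecore.Security.Authentication;

namespace Services.Authentication
{
    // Hypothetical helper: the single Sitecore domain service accounts live in.
    internal static class ServiceAccounts
    {
        public const string Domain = "yoursitecoredomain";
        public static string Qualify(string name) { return Domain + "\\" + name; }
    }

    // Validator: checks the credentials only. A login performed here does not
    // reach the operation, as the question describes, so none is attempted.
    public class CustomServiceAuthentication : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            // Reject names that carry their own domain part, so the identity
            // the service sees later always maps to ServiceAccounts.Domain.
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password) ||
                userName.Contains("\\") ||
                !Membership.ValidateUser(ServiceAccounts.Qualify(userName), password))
            {
                throw new SecurityTokenValidationException("Invalid credentials.");
            }
        }
    }

    // Hypothetical base class for services marked
    // [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]:
    // the constructor runs once per call, inside the WCF security context.
    public abstract class SitecoreAuthenticatedService
    {
        // True only when WCF authenticated the caller and Sitecore accepted the login.
        protected bool IsSitecoreAuthenticated { get; private set; }

        protected SitecoreAuthenticatedService()
        {
            var ctx = ServiceSecurityContext.Current;
            if (ctx == null || ctx.IsAnonymous || !ctx.PrimaryIdentity.IsAuthenticated)
                return; // no verified caller: stay anonymous in Sitecore

            IsSitecoreAuthenticated =
                AuthenticationManager.Login(ServiceAccounts.Qualify(ctx.PrimaryIdentity.Name));
        }
    }
}
```

Because `AuthenticationManager.Login(userName)` takes no password, the Sitecore login is only as trustworthy as the WCF identity, so operations should check `IsSitecoreAuthenticated` before doing privileged work.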