Posted 25 Dec 2011

WCF REST 4.0 Authorization with Form Based Authentication (SetAuthCookie)

, 19 Mar 2013 CPOL
How to create a custom authorization policy and return the HttpContext identity for authorization.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Security.Principal;
using System.IdentityModel.Policy;

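namespace WcfRestService2
{
    /// <summary>
    /// Principal that wraps the caller's identity and answers role checks
    /// through the ASP.NET role provider (<see cref="Roles"/>).
    /// </summary>
    public class CustomPrincipal : IPrincipal
    {
        private readonly IIdentity _identity;

        /// <summary>Gets the identity this principal was created for.</summary>
        public IIdentity Identity
        {
            get { return _identity; }
        }

        /// <summary>Creates a principal for the given identity.</summary>
        /// <param name="identity">The caller's identity; must not be null.</param>
        /// <exception cref="ArgumentNullException"><paramref name="identity"/> is null.</exception>
        public CustomPrincipal(IIdentity identity)
        {
            if (identity == null)
            {
                throw new ArgumentNullException("identity");
            }

            _identity = identity;
        }

        /// <summary>
        /// Determines whether the wrapped identity belongs to <paramref name="role"/>.
        /// </summary>
        /// <param name="role">The role name to check.</param>
        /// <returns>
        /// false for an unauthenticated identity; otherwise the role provider's answer.
        /// </returns>
        public bool IsInRole(string role)
        {
            // Fail closed: an anonymous caller never holds a role.
            if (!_identity.IsAuthenticated)
            {
                return false;
            }

            // Ask about the identity this principal wraps, not whichever user is
            // ambient on the thread at the time of the call, so the answer always
            // matches the Identity property.
            return Roles.IsUserInRole(_identity.Name, role);
        }
    }

    /// <summary>
    /// Authorization policy that publishes the ASP.NET (forms authentication) user
    /// as the principal in the evaluation context.
    /// </summary>
    /// <remarks>
    /// This policy does not reject anyone: an anonymous HttpContext user is published
    /// as an unauthenticated principal. Access control therefore depends on role or
    /// permission checks made against that principal elsewhere.
    /// </remarks>
    public class AuthorizationPolicy : IAuthorizationPolicy
    {
        private readonly string id = Guid.NewGuid().ToString();

        /// <summary>Gets the unique identifier generated for this policy instance.</summary>
        public string Id
        {
            get { return id; }
        }

        /// <summary>Gets the issuer of this policy: the system claim set.</summary>
        public System.IdentityModel.Claims.ClaimSet Issuer
        {
            get { return System.IdentityModel.Claims.ClaimSet.System; }
        }

        /// <summary>
        /// Called after the authentication stage; stores a <see cref="CustomPrincipal"/>
        /// for the current HttpContext user under the "Principal" property.
        /// </summary>
        /// <param name="evaluationContext">The context whose properties receive the principal.</param>
        /// <param name="state">Unused.</param>
        /// <returns>Always true.</returns>
        /// <exception cref="InvalidOperationException">
        /// No HttpContext or HttpContext user is available for the request.
        /// </exception>
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            // HttpContext.Current is null when the request does not flow through the
            // ASP.NET pipeline (typically: ASP.NET compatibility mode is not enabled
            // for the service). Refuse explicitly instead of failing with a
            // NullReferenceException.
            HttpContext httpContext = HttpContext.Current;
            if (httpContext == null || httpContext.User == null)
            {
                throw new InvalidOperationException(
                    "No HttpContext user is available; the service must run in ASP.NET compatibility mode.");
            }

            // get the authenticated client identity
            IIdentity client = httpContext.User.Identity; //GetClientIdentity(evaluationContext);

            // set the custom principal
            evaluationContext.Properties["Principal"] = new CustomPrincipal(client);

            return true;
        }

        // Unused alternative: take the identity from the evaluation context's
        // "Identities" property instead of HttpContext.
        //private IIdentity GetClientIdentity(EvaluationContext evaluationContext)
        //{
        //    object obj;
        //    if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
        //        throw new Exception("No Identity found");

        //    IList<IIdentity> identities = obj as IList<IIdentity>;
        //    if (identities == null || identities.Count <= 0)
        //        throw new Exception("No Identity found");

        //    return identities[0];
        //}
    }
}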




This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

India India
I work as a freelance consultant and am passionate about taking on challenges in the latest technology.
I am a solution architect and trainer with 9+ years of experience in designing, developing and maintaining enterprise-wide applications using the latest technologies such as SharePoint 2010, MOSS 2007, Business Intelligence, SQL Server 2008, Reporting Services, Analysis Services and Integration Services.

Article Copyright 2011 by Anupama_Agarwal
Everything else Copyright © CodeProject, 1999-2017