Click here to Skip to main content
13,292,205 members (59,440 online)
Click here to Skip to main content

Tagged as


50 bookmarked
Posted 25 Dec 2011

WCF REST 4.0 Authorization with Form Based Authentication (SetAuthCookie)

, 19 Mar 2013
How to create custom authorization policy and return HTTPContext Identity for authorization.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Security;
using System.ServiceModel;
using System.Collections.ObjectModel;
using System.ServiceModel.Description;
using System.ServiceModel.Channels;
using System.IdentityModel.Policy;

namespace WcfRestService2
    public class SecurityBehaviorAttribute : Attribute, IServiceBehavior

        public void AddBindingParameters(ServiceDescription serviceDescription, System.ServiceModel.ServiceHostBase serviceHostBase, System.Collections.ObjectModel.Collection<ServiceEndpoint> endpoints, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)

        public void ApplyDispatchBehavior(ServiceDescription serviceDescription, System.ServiceModel.ServiceHostBase serviceHostBase)
            List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>();
            policies.Add(new AuthorizationPolicy());
            serviceHostBase.Authorization.ExternalAuthorizationPolicies = policies.AsReadOnly();

            ServiceAuthorizationBehavior bh =
            if (bh != null)

                bh.PrincipalPermissionMode = PrincipalPermissionMode.Custom;

                throw new NotSupportedException();


        public void Validate(ServiceDescription serviceDescription, System.ServiceModel.ServiceHostBase serviceHostBase)

        internal static void ConfigureInternet(Collection<ServiceEndpoint> endpoints, bool useAspNetProviders)
            foreach (ServiceEndpoint endpoint in endpoints)
                Binding binding = endpoint.Binding;

                if (binding is WSHttpBinding)
                    WSHttpBinding wsBinding = (WSHttpBinding)binding;
                    wsBinding.Security.Mode = SecurityMode.Message;
                    wsBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
                if (binding is WSDualHttpBinding)
                    WSDualHttpBinding wsDualBinding = (WSDualHttpBinding)binding;
                    wsDualBinding.Security.Mode = WSDualHttpSecurityMode.Message;
                    wsDualBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
                //throw new InvalidOperationException(binding.GetType() + "is unsupprted with ServiceSecurity.Internet");

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Anupama Agarwal
India India
I work as a freelance consultant and is passionate about taking challenges in latest technology.
I am a solution architect and trainer with 9+ years experience in designing, developing and maintaining enterprise wide application using latest technology like SharePoint 2010, MOSS 2007, Business Intelligence, SQL Server 2008, Reporting Service, Analysis Service and Integration service.

You may also be interested in...

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.171207.1 | Last Updated 19 Mar 2013
Article Copyright 2011 by Anupama Agarwal
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid