I was also interested in custom authentication in a REST HTTP WCF service and finally got it to work.

That being said, my code will give you a way to get it working, but I recommend reading this guide, which explains everything in more depth: http://wcfsecurityguide.codeplex.com/

First, change the `system.web` portion of your Web.Config to look like this:

```xml
<system.web>
  <compilation debug="true" targetFramework="4.0" />
  <httpRuntime maxRequestLength="10485760" />
  <authentication mode="None"></authentication>
  <httpModules>
    <add name="BasicAuthenticationModule" type="YourNamespace.UserNameAuthenticator" />
  </httpModules>
</system.web>
```

Then add another file to your project: UserNameAuthenticator.cs

```csharp
using System;
using System.Text;
using System.Web;
using System.Security.Principal;

namespace YourNamespace
{
    public class UserNameAuthenticator : IHttpModule
    {
        public void Dispose()
        {
        }

        public void Init(HttpApplication application)
        {
            application.AuthenticateRequest += new EventHandler(this.OnAuthenticateRequest);
            application.AuthorizeRequest += new EventHandler(this.OnAuthorizationRequest);
            application.EndRequest += new EventHandler(this.OnEndRequest);
        }

        public bool CustomAuth(string username, string password)
        {
            //TODO: Implement your custom auth logic here
            return true;
        }

        public string[] GetCustomRoles(string username)
        {
            return new string[] { "read", "write" };
        }

        public void OnAuthorizationRequest(object source, EventArgs eventArgs)
        {
            HttpApplication app = (HttpApplication)source;
            //If you want to handle authorization differently from authentication
        }

        public void OnAuthenticateRequest(object source, EventArgs eventArgs)
        {
            HttpApplication app = (HttpApplication)source;

            //the Authorization header is checked if present
            string authStr = app.Request.Headers["Authorization"];
            if (!string.IsNullOrEmpty(authStr))
            {
                authStr = authStr.Trim();

                //the scheme name is case-insensitive; anything other than Basic is not handled here
                if (!authStr.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
                {
                    //header not correct, we do not authenticate
                    return;
                }

                string encodedCredentials = authStr.Substring(6).Trim();
                byte[] decodedBytes;
                try
                {
                    decodedBytes = Convert.FromBase64String(encodedCredentials);
                }
                catch (FormatException)
                {
                    //malformed base64: treat as bad credentials rather than throwing
                    DenyAccess(app);
                    return;
                }

                string s = new ASCIIEncoding().GetString(decodedBytes);

                //split on the first colon only: user names cannot contain ':' but passwords can
                string[] userPass = s.Split(new char[] { ':' }, 2);
                if (userPass.Length != 2)
                {
                    DenyAccess(app);
                    return;
                }
                string username = userPass[0];
                string password = userPass[1];

                //the user is validated by CustomAuth
                //If it is validated then the roles are retrieved from the
                //role provider and a generic principal is created
                //the generic principal is assigned to the user context
                //of the application
                if (CustomAuth(username, password))
                {
                    string[] roles = GetCustomRoles(username);
                    app.Context.User = new GenericPrincipal(new GenericIdentity(username, "Membership Provider"), roles);
                }
                else
                {
                    DenyAccess(app);
                    return;
                }
            }
            else
            {
                //the authorization header is not present
                //the status of response is set to 401 and it ended
                //the end request will check if it is 401 and add
                //the authentication header so the client knows
                //it needs to send credentials to authenticate
                app.Response.StatusCode = 401;
                app.Response.End();
            }
        }

        public void OnEndRequest(object source, EventArgs eventArgs)
        {
            if (HttpContext.Current.Response.StatusCode == 401)
            {
                //if the status is 401 the WWW-Authenticate is added to
                //the response so client knows it needs to send credentials
                HttpContext context = HttpContext.Current;
                context.Response.StatusCode = 401;
                context.Response.AddHeader("WWW-Authenticate", "Basic realm=\"YourRealm\"");
            }
        }

        private void DenyAccess(HttpApplication app)
        {
            app.Response.StatusCode = 401;
            app.Response.StatusDescription = "Access Denied";
            //error not authenticated
            app.Response.Write("401 Access Denied");
            app.CompleteRequest();
        }
    } //End Class
} //End Namespace
```
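The fragile part of the module above is the hand-rolled parsing of the `Authorization` header. The following is an added, stand-alone example (not part of the original answer or of WCF) that isolates that step: it accepts a `Basic` header with any scheme casing, tolerates a colon inside the password, rejects malformed base64 or invalid UTF-8 by returning null instead of throwing, and builds the `WWW-Authenticate` challenge with a quoted realm. The type and method names (`BasicAuthHeader`, `BasicCredentials`, `TryParse`, `Challenge`) and the sample headers are constructed for the example.

```csharp
using System;
using System.Text;

// Added example, not code from the original answer. Parses an HTTP Basic
// Authorization header value as RFC 7617 describes it; all names are illustrative.
public sealed class BasicCredentials
{
    public string UserName { get; }
    public string Password { get; }

    public BasicCredentials(string userName, string password)
    {
        UserName = userName;
        Password = password;
    }
}

public static class BasicAuthHeader
{
    // Returns null for anything that is not a well-formed Basic header,
    // so the caller can answer 401 without an exception path.
    public static BasicCredentials TryParse(string headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return null;
        string value = headerValue.Trim();

        // The scheme token is case-insensitive and must be followed by whitespace.
        if (!value.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) return null;
        string encoded = value.Substring(6).Trim();

        byte[] raw;
        try { raw = Convert.FromBase64String(encoded); }
        catch (FormatException) { return null; }   // not base64

        string decoded;
        try { decoded = new UTF8Encoding(false, true).GetString(raw); } // strict: invalid bytes throw
        catch (DecoderFallbackException) { return null; }

        // Split on the first colon only: user-ids cannot contain ':', passwords can.
        int colon = decoded.IndexOf(':');
        if (colon < 0) return null;
        return new BasicCredentials(decoded.Substring(0, colon), decoded.Substring(colon + 1));
    }

    // Value for the WWW-Authenticate response header that accompanies a 401.
    public static string Challenge(string realm)
    {
        return "Basic realm=\"" + realm.Replace("\"", "\\\"") + "\"";
    }
}

public static class Program
{
    // Helper that builds a header the way a client would (constructed sample data).
    private static string Encode(string user, string pass)
    {
        return "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(user + ":" + pass));
    }

    public static void Main()
    {
        string[] headers =
        {
            Encode("alice", "s3cret"),                                       // normal case
            Encode("bob", "pa:ss:word"),                                     // colon inside password
            "basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes("carol:x")), // lower-case scheme
            "Basic not*base64",                                              // malformed base64
            "Bearer abc",                                                    // different scheme
            "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes("nocolon")), // no separator
        };

        foreach (string h in headers)
        {
            BasicCredentials c = BasicAuthHeader.TryParse(h);
            Console.WriteLine(c == null
                ? "reject: " + h
                : "user=" + c.UserName + " password=" + c.Password);
        }

        Console.WriteLine(BasicAuthHeader.Challenge("YourRealm"));
    }
}
```

In the module, `TryParse` would replace the `Substring`/`Split` block: a null result maps to `DenyAccess`, and `Challenge("YourRealm")` is the value to put in `WWW-Authenticate` from `OnEndRequest`. The strict UTF-8 decoder is used so that an undecodable credential is rejected outright rather than silently mangled into a different user name.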