Retrieving Username and Password from OperationContext with wsHttpBinding
Hi there,
Does anyone know if it is possible to retrieve the username and password from the OperationContext in the service? I have used the wsHttpBinding, and in the OperationContext.Current instance I cannot find the caller information again. There is a CallerIdentity in the OperationContext instance, but I need the password that is supplied by the client to the corresponding user. Any information/help will be greatly appreciated!
Best Regards,
L. Liu
By LLiu at 2007-12-24
If you use a username/password for client credentials, then you can get the username on the server side, but not the password. Basically, the password is a shared secret between the client and the server. The server should already know the password through some other means (database or otherwise). The client will cryptographically attach itself to the message by signing it (creating a hash). The server will use its copy of the password to recreate the hash and then compare it to what the client sent. If they match, then it knows that the client is who it says it is.
You can use the UserNamePasswordValidator to do this. You can get the username by doing something like this:
OperationContext oc = OperationContext.Current;
ServiceSecurityContext ssc = oc.ServiceSecurityContext;
string client = ssc.PrimaryIdentity.Name;
Hope that helps.
Thanks!
Scott
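A custom UserNamePasswordValidator of the kind mentioned in the reply above, added here as an example and not code from either poster. The class name StoredHashValidator, the Register helper and the in-memory store are assumptions; the service keeps only a salted PBKDF2 hash of each password and compares in constant time.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;

// Hypothetical validator: class name, Register() and the store are assumptions.
public class StoredHashValidator : UserNamePasswordValidator
{
    private const int Iterations = 100000;

    // Constructed sample store: user name -> (salt, PBKDF2 hash).
    // A real service would load these records from its user database.
    private static readonly Dictionary<string, KeyValuePair<byte[], byte[]>> Store =
        new Dictionary<string, KeyValuePair<byte[], byte[]>>(StringComparer.OrdinalIgnoreCase);

    public static void Register(string userName, string password)
    {
        byte[] salt = new byte[16];
        RandomNumberGenerator.Create().GetBytes(salt);
        Store[userName] = new KeyValuePair<byte[], byte[]>(salt, Derive(password, salt));
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(32);
    }

    // WCF calls Validate before the service operation is dispatched.
    public override void Validate(string userName, string password)
    {
        if (userName == null || password == null)
            throw new ArgumentNullException();

        KeyValuePair<byte[], byte[]> record;
        bool known = Store.TryGetValue(userName, out record);

        // Derive a hash even for unknown users so both paths cost the same.
        byte[] salt = known ? record.Key : new byte[16];
        byte[] expected = known ? record.Value : new byte[32];
        byte[] actual = Derive(password, salt);

        // Constant-time comparison: accumulate differences, no early exit.
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];

        if (!known || diff != 0)
            throw new SecurityTokenException("Unknown user name or incorrect password.");
    }
}
```

To use it, set `UserNamePasswordValidationMode` to `Custom` and assign an instance to `CustomUserNamePasswordValidator` on the host's `Credentials.UserNameAuthentication`.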
Hi Scott,
Thanks for the answer.
I asked this question in the context of an STS that I implemented. I have already implemented the UserNamePasswordValidator there to authenticate the client. However, I need the username and password again in the STS service, because I have to use the credential information to authenticate against ADAM to get the user attributes from ADAM. As I understand, the authentication takes place before the service is called by the runtime. Do you have any idea how I can solve this problem? Is there any object in the OperationContext that I can use like the Session object in ASP.NET? Or any other object in the OperationContext where I can temporarily store the user attributes? If there is any such object in the OperationContext available, then I can get the attributes from ADAM directly during the authentication process and call them later in the service.
Thanks!
Lei
So I'm not completely sure why you need Adam's password once he's already been authenticated. Is there some other resource that the STS needs to access using Adam's credentials? If so, then since the STS must have access to the correct password in order to authenticate him, you already have the password stored somewhere. You can use that along with the username in the OperationContext to get the credentials again on the STS.
Thanks!
Scott