WCF Pass extra security data through all service calls

Question

Client side I need to pass a piece of information (for this example lets say a string) to every service call I make. The services use this string (currentRole) along with user/pass credentials to retrieve a user's set of claims associated w/their current role.

The solutions I have come across thus far are:

1) Modify message headers as they go out from the client and verify that the message header is there service side.

2) Use a custom credential which from what I understand requires a custom security token as well to store the string.

Are there any other approaches I a missing such as just adding that info to an existing token/credential? And are there any pros/cons of the solutions mentioned above?

Thanks.

Answer 1

You could also write a Client-side behavior which would add this header to the messages (so you wouldn't have to think about doing it yourself in your code).

You could implement a IClientMessageInspector and in the BeforeSendRequest method override, add a message header. When you add this behavior to each of your client endpoints, it'll add that message header automatically to each outgoing message.

See this CodeProject article for some starter infos, and this blog post for some more in-depth know-how.

Marc