Custom Role Provider not triggering in webservice

StackOverflow https://stackoverflow.com/questions/15521666

Question 

<system.web>
    <compilation debug="true"
                 targetFramework="4.0" />
    <httpRuntime requestPathInvalidCharacters="" />
    <authentication mode="Forms" />
    <membership defaultProvider=">
        <providers>
            <clear />
                <add name="ANSMP"
                     type="Test.Authentication.CustomMembershipProvider"
                     connectionStringName="DataConnection" />
         </providers>
    </membership>
    <roleManager enabled="true"
                 defaultProvider="ANSRP">
        <providers >
            <clear />       
                <add connectionStringName="DataConnection"
                     applicationName="/"
                     name="ANSRP"
                     type="Test.Authentication.CustomRoleProvider" />
        </providers>
    </roleManager>
</system.web>
<system.serviceModel>
    <behaviours>
        <serviceBehaviors>
            <behavior name="TestDataBehaviour">
                <serviceCredentials>
                    <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
                                            membershipProviderName="ANSMP"/>
                </serviceCredentials>
                <serviceMetadata httpGetEnabled="true"
                                 httpsGetEnabled="true" />
                <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                                      roleProviderName="ANSRP" />
                <dataContractSerializer ignoreExtensionDataObject="true" />
                <serviceDebug httpHelpPageBinding="webHttpBinding"
                              httpHelpPageBindingConfiguration=""
                              includeExceptionDetailInFaults="true" />
            </behavior>
        </serviceBehaviour>
    </behaviors>
</system.serviceModel>

Assuming that I leave my custom membership provider and custom role providwer empty (Asin, all methods throw NotImplementedException); I would expect a error when I attempt to check a role using [PrinciplePermission(SecurityAction.Demand, Role = "Custom")] or var b = Thread.CurrentPrincipal.IsInRole("Custom")]

However instead it just keeps returning Access is denied (on the attribute) and false on the field.

Using Membership.GetAllUsers() actually does give me a NotImplementedError.. but how can I make sure that when I use a PrincipalPermission Attribute that it triggers my custom role provider and my custom membership provider?

Edit

I've tried adding , Test.Authentication to the type of the membership provider as well as the role provider...

However currently PrinciplePermission tells me Request for principal permission failed

Edit 2

When checking my trace logs I found the following:

The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.PrincipalPermission
The first permission that failed was:
<IPermission class="System.Security.Permissions.PrincipalPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1">
<Identity Authenticated="true"
Role="Customer"/>
</IPermission>

The demand was for:
<IPermission class="System.Security.Permissions.PrincipalPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1">
<Identity Authenticated="true"
Role="Customer"/>
</IPermission>

The assembly or AppDomain that failed was:
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

I'm also getting a fair few Extension type not found warnings 

<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
    <TraceIdentifier>http://msdn.microsoft.com/nl-NL/library/System.ServiceModel.ExtensionTypeNotFound.aspx</TraceIdentifier>
    <Description>Extension type not found.</Description>
    <AppDomain>/LM/W3SVC/1/ROOT/webapi3-6-130082517071825580</AppDomain>
    <ExtendedData xmlns="http://schemas.microsoft.com/2006/08/ServiceModel/DictionaryTraceRecord">
        <ExtensionName>pollingDuplexHttpBinding</ExtensionName>
        <ExtensionType>System.ServiceModel.Configuration.PollingDuplexHttpBindingCollectionElement, System.ServiceModel.PollingDuplex, version=3.0.0.0, Culture=neutral</ExtensionType>
    </ExtendedData>
</TraceRecord>
Était-ce utile?

La solution

After a lot of time I found that everyone shown above works corretly

From the client side, when you create a service reference, 2 endpoints are made (in our case. I don't know if this is standard). One is secured and one is .. well, not secured.

For using the token i've always use the non secured one... but in order to use the membership provider, role provider and username password validation I need to use the secured end point!

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top