When does WCF service call it's constructor?

Question

I have a default configuration service (I believe this is per session). I am slightly confused about the WCF initialization policy. I've read a lot of suggestions towards not using constructors to begin with, but in my case, it seems like the intuitive to do along with changing to per-request mode from per-session.

Basically I have information passed in the HTTP headers that is required in all of the public interface methods, so it makes sense to parse them in a single method that's executed. Then again, I keep hoping that there's actually a better way to do this as I want to use the per-session model.

How can I execute such header parsing code before the actual methods? Furthermore, lets say I manage to do it - is there a way to disable this sort of behavior on a single method?

[edit] Also, say it works on per-session basis. Can I trust that the same initialization, when called again by a client, is serving the same client (I assume this is what per-session means, but security is important in my service so I'd rather be sure).

Answer 1

Implement IClientMessageInspector interface to send your custom authentication info with each call. Then implement IDispatchMessageInspector to validate the headers on the service side. Here you can find more about message inspectors in WCF.

Message inpectors should also contain operation info so you can use it to allow anonymous access to some service methods.

Personally I'd validate security data on each call even if you use per-session instance mode. It seems more rebust for me as it's easier to implement and mantain, as long as your authentication mechanism doesn't take much time.

You are right the same service object is used for a session.

Hope it helps!