CoreWCF and serviceAuthorizationManager not working
Hi,
I’m trying to assemble a .NET 6 WCF Service with CoreWCF, using a basicHttpBinding, and I’m struggling to add a service authorization manager.
My purpose is to enable WCF to read and validate bearer tokens and use OAuth. I can’t move to REST because of legacy applications compatibility, so I need to keep WCF but use bearer tokens.
I’m using the following packages:
- CoreWCF.Primitives 1.3.1
- CoreWCF.Http 1.3.1
- CoreWCF.ConfigurationManager 1.3.1
My service at this stage is quite simple:
```csharp
[ServiceContract]
public interface IService
{
    [OperationContract]
    string GetData(int value);

    [OperationContract]
    CompositeType GetDataUsingDataContract(CompositeType composite);
}

public class Service : IService
{
    public string GetData(int value)
    {
        return string.Format("You entered: {0}", value);
    }

    public CompositeType GetDataUsingDataContract(CompositeType composite)
    {
        if (composite == null)
        {
            throw new ArgumentNullException("composite");
        }
        if (composite.BoolValue)
        {
            composite.StringValue += "Suffix";
        }
        return composite;
    }
}

// Use a data contract as illustrated in the sample below to add composite types to service operations.
[DataContract]
public class CompositeType
{
    bool boolValue = true;
    string stringValue = "Hello ";

    [DataMember]
    public bool BoolValue
    {
        get { return boolValue; }
        set { boolValue = value; }
    }

    [DataMember]
    public string StringValue
    {
        get { return stringValue; }
        set { stringValue = value; }
    }
}
```
My Program.cs:
```csharp
var builder = WebApplication.CreateBuilder();
builder.Services.AddServiceModelServices();
builder.Services.AddServiceModelConfigurationManagerFile("wcf.config");
builder.Services.AddServiceModelMetadata();
builder.Services.AddSingleton<IServiceBehavior, UseRequestHeadersForMetadataAddressBehavior>();
builder.Services.AddSingleton<OAuthAuthorizationManager>();

var app = builder.Build();
app.UseServiceModel(bld =>
{
    bld.AddServiceEndpoint<Service, IService>(new BasicHttpBinding(BasicHttpSecurityMode.Transport), "/Service.svc");
    var mb = app.Services.GetRequiredService<ServiceMetadataBehavior>();
    mb.HttpsGetEnabled = true;
});
app.Run();
```
Then my wcf.config:
```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="basicBinding" receiveTimeout="00:10:00">
          <security mode="Transport" />
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="CoreWCFService.Service" behaviorConfiguration="Default">
        <endpoint address="basic" binding="basicHttpBinding" bindingConfiguration="basicBinding" contract="CoreWCFService.IService" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="Default">
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceMetadata httpGetEnabled="true" />
          <serviceAuthorization serviceAuthorizationManagerType="CoreWCFService.OAuthAuthorizationManager,CoreWCFService" />
          <dataContractSerializer maxItemsInObjectGraph="10000000" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```
But when I call the service with tokens, nothing happens on the authorization manager, the operation runs simply ignoring this service behavior.
Is there anyone out there that can help me with this?
Issue Analytics
- State:
- Created 7 months ago
- Comments:6
Top GitHub Comments
@g7ed6e thanks for your tip, you’ve nailed it, it is working like a charm!
@pacojones I think you can remove the cookie middleware in this scenario. Is your access_token a JWT? If so, you should inspect the “scope” claim and check the existence of a configured scope.
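
The scope check suggested in the last comment, as an added example that is not code from the thread or from the CoreWCF project: a `ServiceAuthorizationManager` subclass that denies any call lacking a valid JWT bearer token carrying the configured scope. Assumptions: the `CheckAccessCoreAsync` override point in CoreWCF, the System.IdentityModel.Tokens.Jwt package for validation, caller-supplied `TokenValidationParameters`, and the hypothetical scope name `service.read`.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Threading.Tasks;
using CoreWCF;
using CoreWCF.Channels;
using Microsoft.IdentityModel.Tokens;

// Added example: deny-by-default bearer-token and scope check for a CoreWCF service.
public class ScopeAuthorizationManager : ServiceAuthorizationManager
{
    private const string RequiredScope = "service.read";    // hypothetical scope name
    private readonly TokenValidationParameters _parameters; // issuer, audience, signing keys
    // Keep claim names as issued so the scope claim is found under "scope".
    private readonly JwtSecurityTokenHandler _handler = new() { MapInboundClaims = false };

    public ScopeAuthorizationManager(TokenValidationParameters parameters) => _parameters = parameters;

    protected override ValueTask<bool> CheckAccessCoreAsync(OperationContext operationContext)
        => new ValueTask<bool>(IsAuthorized(operationContext));

    private bool IsAuthorized(OperationContext context)
    {
        // The HTTP request headers travel with the message as a message property.
        if (!context.IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name, out var value)
            || value is not HttpRequestMessageProperty http)
            return false;

        const string prefix = "Bearer ";
        string header = http.Headers["Authorization"];
        if (header is null || !header.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            return false;

        try
        {
            // Signature, issuer, audience and lifetime are validated before any claim is trusted.
            var principal = _handler.ValidateToken(header[prefix.Length..].Trim(), _parameters, out _);
            // "scope" is a space-delimited list: compare whole entries, never substrings.
            return principal.FindAll("scope")
                .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
                .Contains(RequiredScope, StringComparer.Ordinal);
        }
        catch (Exception ex) when (ex is SecurityTokenException or ArgumentException)
        {
            return false; // malformed, expired or incorrectly signed token
        }
    }
}
```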