问题
I'm having a WCF service and several operations where I return arrays of basic poco items.
To mitigate cases where I by mistake return items which the client doesn't have access to, I was planning to use IParameterInspector, attach that to an IOperationBehavior-attribute and then validate read access in AfterCall. If the client doesn't have read rights then I throw a WebFaultException.
I'm using custom authentication on my items-repository (the service class) and the ServiceSecurityContext is null when I enter IParameterInspector.AfterCall so I can't use that to check if the client is authenticated to read the items.
My question is how do I get access to the service instance (PerCall) in my IParameterInspector.AfterCall-method?
I'm also using a IOperationInvoker where I do the real authentication in the Invoke-method (check what user or if anonymouse).
And I'm wondering what difference it is between "outputs" and "returnValue" in AfterCall?
public class ParameterInspector : IParameterInspector
{
public void AfterCall(string operationName, object[] outputs, object returnValue, object correlationState)
{
var items = returnValue as Item[];
if (items == null) return;
foreach (var item in items)
{
User user = ?
// Throw if no access
}
}
public object BeforeCall(string operationName, object[] inputs)
{
return inputs;
}
}
public class AuthenticationOperationInvoker : IOperationInvoker
{
public object Invoke(object instance, object[] inputs, out object[] outputs)
{
var repo = instance as RepositoryBase;
User user;
repo.Authenticate(out user);
return _defaultInvoker.Invoke(instance, inputs, out outputs);
}
}
回答1:
Have you tried OperationContext.Current.ServiceSecurityContext.PrimaryIdentity ?
Edit:
string MyFunction( AThing something, BThing another )
In this case the returnValue is the string returned by MyFunction. The outputs would be something and another.
The difficulty in a generic approach such using a parameter inspector is that it often varies from object to object how you are going to determine if the user is allowed to see the object, or what properties they are going to be allowed to see.
The approach that I would normally take for this ( without knowing the specifics of the domain ) is too pass the identity of the user to the repository and have the repository responsible for ensuring that only information the user has access to is returned.
Take for example if you had the following:
public class GroupTrip
{
public string GroupName {get;set;}
public DateTime Start {get;set;}
public List<Person> Attendees {get;set;}
public Person Organizer {get;set;}
public bool IsStandBy {get;set;}
}
public class Person
{
public string Name {get;set;}
public string Phone {get;set;}
}
And you have to ensure that:
- You can only see the group object if you are attending.
- If you are attending you should be able to see the names of the other people but not their phone numbers
- If you are attending you should be able to see the Organizers name and phone number
- If you are attending you shouldn't be able to see anyone on standby
- If you are the organizer you should be able to see everyone's phone number.
It can quickly become very complicated. Pushing the complexity to the repository helps.
来源:https://stackoverflow.com/questions/16067647/using-iparameterinspector-to-stop-unauthorized-user-to-read-data-without-proper