WCF ASP.NET Authorization Manager for BizTalk

Applies ASP.NET-style URL authorization — the `<allow>`/`<deny>` users and roles rules in web.config — to a BizTalk-generated WCF service, by checking the caller's Windows identity in a message inspector before the message is dispatched. Anonymous callers are rejected outright, so the IIS site hosting the service must authenticate callers (for example with Windows authentication) for the rules to have any effect. Plug this service behaviour into the receive location.

References

  • System.ServiceModel.dll
  • System.ServiceModel.Web.dll
  • System.Web.dll
using System;
using System.Linq;
using System.Text;
using System.ServiceModel;
using System.Configuration;
using System.Threading.Tasks;
using System.ServiceModel.Web;
using System.Collections.Generic;
using System.ServiceModel.Channels;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Description;
using System.ServiceModel.Configuration;

namespace WCFBehaviors.BizTalk.Framework
{
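    /// <summary>
    /// WCF message inspector that enforces the ASP.NET <c>&lt;authorization&gt;</c> rules of the
    /// hosting web.config against the caller's Windows identity before the message is
    /// dispatched to the (BizTalk-generated) service operation.
    /// </summary>
    /// <remarks>
    /// Denials are signalled by throwing a <see cref="FaultException"/> from
    /// <see cref="AfterReceiveRequest"/>: an exception is what stops WCF from invoking the
    /// operation. Merely returning <c>false</c> as the correlation state would let the request
    /// run (the message reaches BizTalk) and only rewrite the reply afterwards.
    /// </remarks>
    public class ASPAuthorizationInspector : IDispatchMessageInspector
    {
        // Sender fault returned to the caller on any authorization failure. One generic reason
        // is used for both the anonymous and the denied-principal case so the fault does not
        // reveal whether the presented identity was recognized.
        private const string FaultSubcode = "Unauthorized";
        private const string FaultNamespace = "http://BizTalk.Framework/wcf/Authorization";
        private const string FaultReasonText = "The user is not authorized to access this service.";

        // Verb passed to the URL authorization check when the transport did not record one.
        // Rules carrying a "verbs" attribute only match the verb given here, so the real HTTP
        // method is preferred whenever the request exposes it.
        private const string FallbackVerb = "GET";

        // Builds the fault thrown from AfterReceiveRequest; kept in one place so it describes the
        // failure exactly like the reply substituted in BeforeSendReply.
        private static FaultException CreateUnauthorizedFault()
        {
            return new FaultException(new FaultReason(FaultReasonText),
                                      FaultCode.CreateSenderFaultCode(FaultSubcode, FaultNamespace));
        }

        /// <summary>
        /// Called before the operation is invoked. Authorizes the caller against web.config and
        /// aborts dispatch with an "Unauthorized" sender fault when access is denied.
        /// </summary>
        /// <param name="request">The incoming message; only its HTTP request property is read.</param>
        /// <param name="channel">The client channel (unused).</param>
        /// <param name="instanceContext">Supplies the host's virtual path for the URL check.</param>
        /// <returns><c>true</c> as the correlation state for <see cref="BeforeSendReply"/>.</returns>
        /// <exception cref="FaultException">The caller is anonymous, the service is not hosted
        /// under a virtual path (no web.config to consult), or the rules deny the caller.</exception>
        public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
        {
            ServiceSecurityContext securityContext = ServiceSecurityContext.Current;

            // Fail closed: no security context, an anonymous caller, or no Windows identity to
            // evaluate the rules against is never authorized.
            if (securityContext == null || securityContext.IsAnonymous || securityContext.WindowsIdentity == null)
                throw CreateUnauthorizedFault();

            // Fail closed when not hosted under IIS/WAS: without a virtual path there are no
            // web.config authorization rules to evaluate (and this would otherwise be a null
            // dereference rather than a deliberate denial).
            System.ServiceModel.Activation.VirtualPathExtension virtualPath =
                instanceContext.Host.Extensions.Find<System.ServiceModel.Activation.VirtualPathExtension>();
            if (virtualPath == null)
                throw CreateUnauthorizedFault();

            // Use the actual HTTP method when the transport recorded it (SOAP requests arrive as
            // POST), so verb-scoped <allow>/<deny> rules match as the web.config author intended.
            string verb = FallbackVerb;
            object httpProperty;
            if (request != null && request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out httpProperty))
            {
                HttpRequestMessageProperty http = httpProperty as HttpRequestMessageProperty;
                if (http != null && !string.IsNullOrEmpty(http.Method))
                    verb = http.Method;
            }

            // A WindowsPrincipal lets <allow roles="..."/> rules resolve against Windows groups.
            System.Security.Principal.WindowsPrincipal principal =
                new System.Security.Principal.WindowsPrincipal(securityContext.WindowsIdentity);

            if (!System.Web.Security.UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath.VirtualPath, principal, verb))
                throw CreateUnauthorizedFault();

            return true;
        }

        /// <summary>
        /// Called before the reply is sent. Unless the correlation state says access was granted,
        /// replaces the reply with the "Unauthorized" sender fault so that nothing produced on
        /// the error path reaches the caller.
        /// </summary>
        /// <param name="reply">The outgoing reply; <c>null</c> for one-way operations.</param>
        /// <param name="correlationState">The value returned by <see cref="AfterReceiveRequest"/>,
        /// or <c>null</c> when it threw before returning.</param>
        public void BeforeSendReply(ref Message reply, object correlationState)
        {
            // One-way operations have no reply to rewrite (dereferencing it would throw).
            if (reply == null)
                return;

            // Only an explicit true means access was granted; null (AfterReceiveRequest threw)
            // or any other value is treated as denied.
            if (correlationState is bool && (bool)correlationState)
                return;

            // Build the fault in the SOAP version of the reply being replaced: a hard-coded
            // SOAP 1.1 envelope does not match a SOAP 1.2 / WS-Addressing endpoint.
            MessageFault fault = MessageFault.CreateFault(
                FaultCode.CreateSenderFaultCode(FaultSubcode, FaultNamespace),
                new FaultReason(FaultReasonText));
            reply = Message.CreateMessage(reply.Version, fault, reply.Headers.Action);
        }
    }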

    /// <summary>
    /// Service behavior that attaches an <see cref="ASPAuthorizationInspector"/> to every
    /// endpoint of the host, so the web.config authorization rules apply to all of them.
    /// </summary>
    public class ASPAuthorizationBehavior : IServiceBehavior
    {
        /// <summary>No binding parameters are needed; intentionally empty.</summary>
        public void AddBindingParameters(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase, System.Collections.ObjectModel.Collection<ServiceEndpoint> endpoints, BindingParameterCollection bindingParameters)
        {
        }

        /// <summary>Nothing to validate; intentionally empty.</summary>
        public void Validate(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase)
        {
        }

        /// <summary>
        /// Adds a fresh inspector to the dispatch runtime of each endpoint of each channel dispatcher.
        /// </summary>
        public void ApplyDispatchBehavior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase)
        {
            foreach (ChannelDispatcherBase dispatcherBase in serviceHostBase.ChannelDispatchers)
            {
                // Same explicit conversion a typed foreach performs on each element.
                ChannelDispatcher channelDispatcher = (ChannelDispatcher)dispatcherBase;
                foreach (EndpointDispatcher endpoint in channelDispatcher.Endpoints)
                {
                    endpoint.DispatchRuntime.MessageInspectors.Add(new ASPAuthorizationInspector());
                }
            }
        }
    }

    /// <summary>
    /// Configuration hook that makes the behavior usable from a serviceBehaviors section once
    /// this element type is registered under &lt;behaviorExtensions&gt;.
    /// </summary>
    public class ASPAuthorizationBehaviorElement : BehaviorExtensionElement
    {
        /// <summary>The behavior type this element configures.</summary>
        public override Type BehaviorType
        {
            get { return typeof(ASPAuthorizationBehavior); }
        }

        /// <summary>Creates a new, parameterless <see cref="ASPAuthorizationBehavior"/>.</summary>
        protected override object CreateBehavior()
        {
            return new ASPAuthorizationBehavior();
        }
    }
}

Register the WCF behavior extension in the machine.config of both the Framework (32-bit) and Framework64 directories. The `type` attribute of a `<behaviorExtensions>` entry must name the `BehaviorExtensionElement` subclass — here `WCFBehaviors.BizTalk.Framework.ASPAuthorizationBehaviorElement`, not `ASPAuthorizationBehavior` (the `IServiceBehavior`), which the configuration system cannot instantiate as a configuration element. The entry below uses a fully-qualified, strong-named assembly reference, so the assembly must be signed and resolvable (typically from the GAC); the PublicKeyToken shown is a placeholder.

<system.serviceModel>
        <extensions>
            <behaviorExtensions>
			<add name="ASPAuthorizationBehavior" type="WCFBehaviors.BizTalk.Framework.ASPAuthorizationBehavior, WCFBehaviors.BizTalk.Framework, Version=1.0.0.0, Culture=neutral, PublicKeyToken=AAAA04cd3275BBBB"/>