I'm currently developing an WCF4 based REST webservice. Most calls don't need authorization, but some do, so my plan is to implement an RequireAuthorization attribute that handles API key authorization for some calls.
After reading Implementing an Authorization Attribute for WCF Web API I implemented an HttpOperationHandler that handles the API key validation in the OnHandle method and added it to the RequestHandlers in the service configuration.
Basically this works fine, but I need to pass the user info I extracted in the AuthOperationHandler to the service, but I can't find any information on this.
Can anyone help?
public class ServiceConfiguration : WebApiConfiguration{ public ServiceConfiguration() { RequestHandlers = (c, e, od) => { var authorizeAttribute = od.Attributes.OfType<RequireAuthorizationAttribute>().FirstOrDefault(); if (authorizeAttribute != null) { c.Add(new AuthOperationHandler(authorizeAttribute)); } }; CreateInstance = (serviceType, context, request) => RepositoryFactory.GetInstance(serviceType); }}public class AuthOperationHandler : HttpOperationHandler<HttpRequestMessage, HttpRequestMessage>{ protected override HttpRequestMessage OnHandle(HttpRequestMessage input) { // API Key validation here var user = RetrieveUserByApiKey(input); return input; }}