<system.web>
<compilation debug="true"
targetFramework="4.0" />
<httpRuntime requestPathInvalidCharacters="" />
<authentication mode="Forms" />
<membership defaultProvider=">
<providers>
<clear />
<add name="ANSMP"
type="Test.Authentication.CustomMembershipProvider"
connectionStringName="DataConnection" />
</providers>
</membership>
<roleManager enabled="true"
defaultProvider="ANSRP">
<providers >
<clear />
<add connectionStringName="DataConnection"
applicationName="/"
name="ANSRP"
type="Test.Authentication.CustomRoleProvider" />
</providers>
</roleManager>
</system.web>
<system.serviceModel>
<behaviours>
<serviceBehaviors>
<behavior name="TestDataBehaviour">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="ANSMP"/>
</serviceCredentials>
<serviceMetadata httpGetEnabled="true"
httpsGetEnabled="true" />
<serviceAuthorization principalPermissionMode="UseAspNetRoles"
roleProviderName="ANSRP" />
<dataContractSerializer ignoreExtensionDataObject="true" />
<serviceDebug httpHelpPageBinding="webHttpBinding"
httpHelpPageBindingConfiguration=""
includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviour>
</behaviors>
</system.serviceModel>
Assuming that I leave my custom membership provider and custom role providwer empty (Asin, all methods throw NotImplementedException
); I would expect a error when I attempt to check a role using [PrinciplePermission(SecurityAction.Demand, Role = "Custom")]
or var b = Thread.CurrentPrincipal.IsInRole("Custom")]
However instead it just keeps returning Access is denied
(on the attribute) and false
on the field.
Using Membership.GetAllUsers()
actually does give me a NotImplementedError
.. but how can I make sure that when I use a PrincipalPermission Attribute that it triggers my custom role provider and my custom membership provider?
Edit
I've tried adding , Test.Authentication
to the type of the membership provider as well as the role provider...
However currently PrinciplePermission tells me Request for principal permission failed
Edit 2
When checking my trace logs I found the following:
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.PrincipalPermission
The first permission that failed was:
<IPermission class="System.Security.Permissions.PrincipalPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1">
<Identity Authenticated="true"
Role="Customer"/>
</IPermission>
The demand was for:
<IPermission class="System.Security.Permissions.PrincipalPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1">
<Identity Authenticated="true"
Role="Customer"/>
</IPermission>
The assembly or AppDomain that failed was:
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
I'm also getting a fair few Extension type not found
warnings
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/nl-NL/library/System.ServiceModel.ExtensionTypeNotFound.aspx</TraceIdentifier>
<Description>Extension type not found.</Description>
<AppDomain>/LM/W3SVC/1/ROOT/webapi3-6-130082517071825580</AppDomain>
<ExtendedData xmlns="http://schemas.microsoft.com/2006/08/ServiceModel/DictionaryTraceRecord">
<ExtensionName>pollingDuplexHttpBinding</ExtensionName>
<ExtensionType>System.ServiceModel.Configuration.PollingDuplexHttpBindingCollectionElement, System.ServiceModel.PollingDuplex, version=3.0.0.0, Culture=neutral</ExtensionType>
</ExtendedData>
</TraceRecord>
After a lot of time I found that everyone shown above works corretly
From the client side, when you create a service reference, 2 endpoints are made (in our case. I don't know if this is standard). One is secured and one is .. well, not secured.
For using the token i've always use the non secured one... but in order to use the membership provider, role provider and username password validation I need to use the secured end point!