How to get authorization into the pipleline?

Topics: Web Api
Jul 7, 2011 at 4:02 PM

I have a message handler pipeline which is authenticating my user just fine. However, I would like to also plug the authorization check in. The way I have designed the system is this: every service operation can be checked against the user's permissions. The current message handler pipeline makes the current user available. I just don't know how to see the operation and to cancel the request in this case. I've been trying to do this with a MessageHandler, but the operation information doesn't seam to be available at that time. I thought that an operation handler would do the trick, but looking at the API, I can't really make heads or tails of it. That hook looks like it's for transforming operation input/output, which I don't care about. I want to cancel the request with an error code if the user has inappropriate permissions and I need to know the operation and the user in order to do that. Anyone have thoughts on this?

Jul 7, 2011 at 4:25 PM

I'm doing the authorization with an operation handler and not a message handler.

See https://github.com/pmhsfelix/Waaz for an example.

Pedro

Jul 7, 2011 at 6:48 PM

That helped a ton! Thanks! I've got everything working now.