Processors: breaking the flow without code 500

Topics: Web Api
Nov 1, 2010 at 8:16 PM

Hi,

I've been playing around with processors and I have a question for you guys:

Is there any way to break the processor pipeline without signaling an error?

The status of a processor execution is either Ok or Error.

  • If Error is returned, the processor pipeline execution is stopped and the response status code is always 500.

I'm writing a Basic Auth processor and when authentication fails and a challenge needs to be produced, I'd like to break the pipeline execution while preserving the 401 status code set by my processor.

  • If I return the value Error, the client gets 500 no matter what.
  • If I return the value Ok, the client gets the challenge but also the "protected" response.

Am I doing something wrong here? I thought that Processors could be a good fit for implementing security on resources

You can find the basic auth processor code here if you wanna take a look

Nov 1, 2010 at 10:56 PM

They were designed to do exactly that.  I take a look and see if I can find out why it's not behaving as expected.   BTW, currently the license doesn't let you rehost their source code elsewhere.  I talked to Glenn about it and they are working towards fixing that but for the moment, I suggest you make that repo private.

Darrel

Nov 1, 2010 at 11:21 PM

Hi Darrel,

Only the source code of the ContactsManager sample project was available in the repo; The actual WCF framework was referenced by assembly... Anyways, the repo is gone now

 

Nov 2, 2010 at 12:17 AM

I had just enough time to copy your basic auth processor :-)  I'll test it later to see if I can find out why you are having an issue.  Also, I noticed the BasicToken class.  In the Microsoft.Http library there is a Credentials.CreateBasic() static factory method that I think does the same thing.

Nov 2, 2010 at 2:29 AM
Edited Nov 2, 2010 at 2:45 AM

When I try and issue a request with the BasicAuthProcessor in the pipeline, I am getting a error that says "The 'WWW-Authenticate' header cannot be modified directly.".   Seems like this is a common WCF error, http://connect.microsoft.com/wcf/feedback/details/307703/plugin-your-own-custom-authentication-header

I have a feeling that we may be a little too late in the request processing to be able to deal with authentication.     

Coordinator
Nov 2, 2010 at 3:55 AM

Darrel is right.

Processors are not the right place to handle authentication, that is in the channel stack. We'll be introducing a nicer HTTP way to author channels soon.

Thanks for your patience.

Glenn