I just discover WCF Web API today, and I am making a little project with forms authentication.
I would like to create something similar to the AuthorizeAttribute from ASP.NET MVC. I would call it WcfFormsAuthorizeAttribute
In the methods that WcfFormsAuthorizeAttribute filter is present, it will look for a valid AUTH cookie, deserialize the IPrincipal derived object, and put it as Thread.CurrentPrincipal and HttpContext.Current.User. If the cookie is not present or valid,
then return a HTTP 401.
First problem: I don't know which element should I derive of in order to create WcfFormsAuthorizeAttribute? I have read that there are operations and message handlers, which one would be the best option to
Second problem: FormsAuthentication module overrides the HTTP 401 with a HTTP 302. This is because in web applications, it redirects you to the login page. But in a service this doesn't make sense, so I would like
to avoid that overriding. How could I do it?