access HttpContext.Current from WCF Web Service

Asked 5/5, 2011 at 21:30 Answered 14/1, 2015 at 9:15

I just started using WCF Services with ASP.NET AJAX. I instantiate my WCF service from Javascript and then pass string variables as arguments to my WCF Service method (with an OperationContract signature). I then return a .NET object (defined with a DataContract) which is bound to my custom Javascript class. I'm having trouble authenticating based on the user logged into my web session. However, the WCF web service is a completely different service with no context to the HttpContext.Current object. What is the most secure way to get access to that object?

Kennakennan answered 5/5, 2011 at 21:30 Comment(0)

You can get access to HttpContext.Current by enabling AspNetCompatibility, preferably via configuration:

<configuration>
  <system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
  </system.serviceModel>
</configuration>

That in turn allows you to get access to the current user: HttpContext.Current.User - which is what you're after, right?

You can even enforce AspNetCompatibility by decorating your service class with an additional attribute:

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]

(In the System.ServiceModel.Activation namespace.) If that attribute is in place, your service will fail to start unless AspNetCompatibility is enabled!

Greenwald answered 5/5, 2011 at 21:43 Comment(2)

Thanks for the input. I gave you a point. I'll mark my answer once I have test this out. We are storing the user slightly differently in our application, so we'll have to redesign things as they recommend for forms authentication. Then I can use this approach. – Kennakennan 19/5, 2011 at 22:5

It's worth noting that this only works if your service is hosted in IIS. – Foeticide 9/11, 2015 at 11:56

You do not have a HttpContext by default but you have many of the same objects present in the OperationContext (which is always present) or the WebOperationContext (which is only available for certain bindings.

You can access the OperationContext or WebOperationContext by using the static .Current property like so: WebOperationContext.Current

Odontalgia answered 5/5, 2011 at 21:33 Comment(1)

+1 this should be the accepted answer. We are dealing with WCF which could be hosted in a Windows Service or self-hosted. AspNetCompatilibity is just an old habit. – Catinacation 11/3, 2014 at 10:18

In case you don't want to change Web.config or you cannot change it:

private string GetClientIPAddress()
        {
            var props = OperationContext.Current.IncomingMessageProperties;
            var endpointProperty = props[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty;
            if (endpointProperty != null)
            {
                if (endpointProperty.Address == "::1" || String.IsNullOrEmpty(endpointProperty.Address))
                    return "127.0.0.1";

                return endpointProperty.Address;
            }

            return String.Empty;
        }

Crimson answered 14/1, 2015 at 9:15 Comment(0)

Recommended topics

Hot tags