I have a RESTful (WCF) service decorated with PrincipalPermission demands. I expected a 403 FORBIDDEN
response if the user does not hold the role, but get a 400 BAD REQUEST
, instead. Upon reflection, this makes sense - the demand triggers a SecurityException
when the principal doesn't hold the role; it's not the same as granting access through an <authorization>
tag in the web.config.
However, a 400 BAD REQUEST
doesn't make sense... the request wasn't malformed, I just didn't have permission to make the call. A 400
response implies I could fix the request and try again, but that will never succeed.
How could I intercept or map a SecurityException
to a more appropriate response (preferably 403 FORBIDDEN
)?
Decorated method:
[PrincipalPermission(SecurityAction.Demand, Role = "FST")]
public string TestNoPermissions(string NetworkId) {
return "Call succeeded";
}
Response:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Request Error</title>
<style>BODY { color: #000000; ...;}</style>
</head>
<body>
<div id="content">
<p class="heading1">Request Error</p>
<p>The server encountered an error processing the request. The exception message is 'Access is denied.'. See server logs for more details. The exception stack trace is: </p>
<p> at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)</p>
</div>
</body>
</html>
You could implement an IErrorHandler
to intercept the SecurityException
. and then provide a WebFaultException
with the status code.
public void ProvideFault(Exception error, MessageVersion version, ref Message fault)
{
if (error is SecurityException)
{
var faultEx = new WebFaultException<string>("Forbidden", HttpStatusCode.Forbidden)
fault = Message.CreateMessage(version, faultEx.CreateMessageFault(), null);
}
}
Note this is untested - security exceptions have a nasty habit of getting lost within frameworks / pipelines but this idea was a bit long for a comment.
Usually you would add your custom IErrorHandler with a behavior, which can be configured in your DI code or in config.
public class ErrorHandlerBehavior : IServiceBehavior
{
public void AddBindingParameters(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase, Collection<ServiceEndpoint> endpoints, BindingParameterCollection bindingParameters)
{
// not implemented
}
public void ApplyDispatchBehavior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase)
{
foreach (var dispatcherBase in serviceHostBase.ChannelDispatchers)
{
var dispatcher = dispatcherBase as ChannelDispatcher;
if (dispatcher != null)
dispatcher.ErrorHandlers.Add(new MyCustomErrorHandler());
}
}
public void Validate(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase)
{
// not implemented
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.