
Creating a Custom Security Service

When you want to create your own security service, you need to implement the IXcoSecurityService interface, as well as IXcoClientCredentials. The following example shows what needs to be done:

public class MyTransportService : IXcoSecurityService
{
    public XcoAuthenticationResult Authenticate(string address, IXcoClientCredentials credentials)
    {
        //this method is called when a remote space wants to connect to a worker, and should check
        //if the user with the given credentials from the given address is allowed to access any worker
        //from the local space. If access is permitted, a session for this user should be created with a
        //new unique Guid. This session, and the information if access is permitted, should be returned
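        //in an XcoAuthenticationResult instance.
        throw new NotImplementedException(); //placeholder so the skeleton compiles; replace with your own check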
    }

    public bool Authorize(string address, Guid sessionID, Microsoft.Ccr.Core.IPort worker)
    {
        //This method is also called when a remote space wants to connect to a local worker and
        //should check if the user with the given address and session ID is authorized to access 
        //the given local worker instance. The method is only called if a user is already
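        //authenticated, meaning the Authenticate() method has been successfully called before.
        //If the user is authorized, true should be returned, otherwise false.
        throw new NotImplementedException(); //placeholder so the skeleton compiles; replace with your own check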
    }

    public void CheckPermission(Microsoft.Ccr.Core.IPort worker, object message, string address, Guid sessionID)
    {
        //This method is called every time a message for a local worker is received from a remote space.
        //It should check if the user with the given address and session ID is allowed to post the given
        //message to the given worker instance. An XcoSecurityException should be thrown if not.
    }

    public IXcoClientCredentials GetClientCredentials(System.Net.ICredentials credentials, string address)
    {
        //This method is called when ConnectWorker is called, to evaluate which security credentials
        //should be sent to the remote space for connecting to the worker. The credentials that were
        //set at the local appspace instance, and the address of the worker to which a connection should
        //be established are handed in.
        //An IXcoClientCredentials instance should be returned. This interface can be freely implemented
        //by your security service to suit your needs. It has the predefined properties User and Password,
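        //but you can add to that whatever information you need.
        throw new NotImplementedException(); //placeholder so the skeleton compiles; return your credentials object here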
    }

    public void Initialize(XcoAppSpaces.Contracts.Service.IXcoServiceRegistry serviceRegistry)
    {
        //this method is called at startup of the space and allows you to get instances of other
        //services from the local xcoappspace instance if you need them.
        //you could for example be interested in the list of local workers, which you could resolve like this:
        var workerRegistry = serviceRegistry.Resolve<IXcoWorkerRegistry>();
        //the worker registry provides events to inform you when local workers are added and removed
        //which could come in handy if your security is worker-based.
    }

    public void Start()
    {
        //this method is called at startup of the space, directly after "Initialize". Here you should
        //take any actions that need to be taken for your security service to be ready to use.
    }

    public int StartPriority
    {
        //defines in which order services of the xcoappspace are started. 3 is the default for the
        //security service, so it is initialized before the transport services.
        get { return 3; }
    }

    public void Stop()
    {
        //this method is called when the appspace is disposed and should stop the service (release all resources, ...)
    }
}

You can see here how to add your custom service to the space.
If you want more info on security service implementation, you could take a look at the implementation of the XcoBasicSecurityService.
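
The session bookkeeping that the comments in Authenticate(), Authorize() and CheckPermission() describe could be kept in a helper like the following. This is an added example, not code from XcoAppSpaces or from the XcoBasicSecurityService: the SessionTable class, its method names, the 30-minute lifetime and the sample user and address are assumptions, and the worker is passed as a plain object so the block needs no library references.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical helper: binds each session ID to a user, an address and an expiry time.
public sealed class SessionTable
{
    private sealed class Session { public string User, Address; public DateTime ExpiresUtc; }
    private readonly ConcurrentDictionary<Guid, Session> sessions = new ConcurrentDictionary<Guid, Session>();
    private readonly Dictionary<object, HashSet<string>> acl; // worker instance -> users allowed to use it
    private readonly TimeSpan lifetime;

    public SessionTable(Dictionary<object, HashSet<string>> acl, TimeSpan lifetime)
    { this.acl = acl; this.lifetime = lifetime; }

    // For Authenticate(): call only after the credentials have been verified.
    public Guid Open(string user, string address)
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes); // unguessable session ID
        var id = new Guid(bytes);
        sessions[id] = new Session { User = user, Address = address, ExpiresUtc = DateTime.UtcNow + lifetime };
        return id;
    }

    // For Authorize() and CheckPermission(): false unless every check passes.
    public bool IsAllowed(Guid sessionId, string address, object worker)
    {
        Session s;
        if (!sessions.TryGetValue(sessionId, out s)) return false; // unknown session
        if (s.ExpiresUtc <= DateTime.UtcNow) { sessions.TryRemove(sessionId, out s); return false; }
        if (!string.Equals(s.Address, address, StringComparison.Ordinal)) return false; // other address
        HashSet<string> users;
        return acl.TryGetValue(worker, out users) && users.Contains(s.User); // unlisted worker: deny
    }

    public static void Main()
    {
        var worker = new object(); // constructed stand-in for a local worker port
        var acl = new Dictionary<object, HashSet<string>> { { worker, new HashSet<string> { "alice" } } };
        var table = new SessionTable(acl, TimeSpan.FromMinutes(30));
        Guid id = table.Open("alice", "10.0.0.5:9000"); // constructed user and address
        Console.WriteLine(table.IsAllowed(id, "10.0.0.5:9000", worker)); // session used from its own address
        Console.WriteLine(table.IsAllowed(id, "10.0.0.9:9000", worker)); // same session, different address
        Console.WriteLine(table.IsAllowed(Guid.NewGuid(), "10.0.0.5:9000", worker)); // session never issued
    }
}
```

In a security service, Authorize() would return the result of IsAllowed directly, and CheckPermission() would throw an XcoSecurityException when it returns false.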

Last edited Jun 16, 2010 at 8:12 AM by thomass, version 4
