SecurityContext.Current not working, nullexception

Question

im using a WCF service with the users and roles being kept in the database. In my service im trying to identify whose calling the service. So i type in my WCF service

string user = ServiceSecurityContext.Current.PrimaryIdentity.Name;

but i get i nullexception object not sent to an reference, ive tried googleing it all day but cant seem to find whats wrong. Any suggestions ?

Answer 1

"What's wrong" is that ServiceSecurityContext.Current is returning null rather than an instance of ServiceSecurityContext.

One scenario where this occurs is if the binding is configured to use Message security with MessageCredentialType set to None.

However, I'm not aware of any comprehensive documentation listing every scenario where ServiceSecurityContext.Current can be null: as the security context is established in the channel stack it is something which depends on the specific binding configuration and security providers in use. It could also, I imagine, be affected by custom Behaviors which fiddle with message properties.

Having said that, unless you have custom code inserted into the channel stack, it is probably a safe assumption that this will only occur in cases where the binding does not require any client authentication. You should check first of all that you are using a binding configuration which will auhenticate the client and provide the kind of user name IIdentity you are expecting.