I'm attaching an NHibernate session to the operation context in my WCF webservice which allows me to access the session object during the processing of each operation (the service instance context is per call).
The service implements custom authentication using UserNameP开发者_开发百科asswordValidator but unfortunately prior to the request being authenticated the OperationContext.Current is always null (presumably by design).
My question is how should I set up the NHibernate session on the Validate(string userName, string password) method if I can't get the session via the OperationContext.Current? How are other peeps doing this?
Thanks in advance.
Use separate session in validator = create new one through session factory. There is no shared storage between security processing and operation processing by design. They should even run in different threads. You should follow this design and don't share session and loaded objects between security processing and operation processing.
精彩评论