How To: Allow Metadata Requests While Authorizing


During custom authorization, it may be necessary to allow a request for metadata to be processed. The following topic walks through the steps to validate such a request.

For more information about Windows Communication Foundation (WCF) authorization, see Authorization in WCF.

To allow metadata requests during authorization

  1. Create an extension of the ServiceAuthorizationManager class.

  2. Override the CheckAccessCore method. The method returns true or false depending on whether authorization is allowed. Information about the current procedure is found in the OperationContext passed as a parameter to the method.

  3. In the override, check the contract name, the contract namespace, and the action as shown in the following example. If all three match a metadata request, return true.

  4. Use the extensibility point to employ the class. For more information, see How to: Create a Custom Authorization Manager for a Service.


The following example shows an override of the CheckAccessCore method.

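using System.ServiceModel;
using System.ServiceModel.Description;

class MyAuthorizationManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // Allow MEX requests through: the contract name, the MEX contract
        // namespace, and the WS-Transfer Get action must all match.
        if (operationContext.EndpointDispatcher.ContractName == ServiceMetadataBehavior.MexContractName &&
            operationContext.EndpointDispatcher.ContractNamespace == "http://schemas.microsoft.com/2006/04/mex" &&
            operationContext.IncomingMessageHeaders.Action == "http://schemas.xmlsoap.org/ws/2004/09/transfer/Get")
            return true;

        // Code not shown: Perform authorization checks for non-MEX requests
        return false;
    }
}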
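
The following added example (not part of the original topic) puts steps 1 through 4 together in a self-hosted service: the manager grants the metadata request, denies anonymous callers for everything else, and is attached through the host's authorization behavior. The IEcho contract, the EchoService class, the base address, and the deny-anonymous policy are assumptions made for illustration.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Hypothetical contract and service, present only to make the example self-contained.
[ServiceContract]
public interface IEcho { [OperationContract] string Echo(string text); }
public class EchoService : IEcho { public string Echo(string text) { return text; } }

public class MexAwareAuthorizationManager : ServiceAuthorizationManager
{
    const string MexNamespace = "http://schemas.microsoft.com/2006/04/mex";
    const string MexGetAction = "http://schemas.xmlsoap.org/ws/2004/09/transfer/Get";

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        EndpointDispatcher dispatcher = operationContext.EndpointDispatcher;
        // Metadata exception: all three values must match, so only a MEX Get passes here.
        if (dispatcher.ContractName == ServiceMetadataBehavior.MexContractName &&
            dispatcher.ContractNamespace == MexNamespace &&
            operationContext.IncomingMessageHeaders.Action == MexGetAction)
            return true;

        // Assumed policy for every other request: reject callers with no authenticated identity.
        ServiceSecurityContext security = operationContext.ServiceSecurityContext;
        if (security == null || security.IsAnonymous)
            return false;
        return base.CheckAccessCore(operationContext); // the default implementation returns true
    }
}

public static class Program
{
    public static void Main()
    {
        var host = new ServiceHost(typeof(EchoService), new Uri("http://localhost:8080/echo"));
        host.AddServiceEndpoint(typeof(IEcho), new WSHttpBinding(), "");
        host.Description.Behaviors.Add(new ServiceMetadataBehavior());
        host.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName,
            MetadataExchangeBindings.CreateMexHttpBinding(), "mex");
        // Step 4: attach the manager through the host's authorization behavior.
        host.Authorization.ServiceAuthorizationManager = new MexAwareAuthorizationManager();
        host.Open();
        Console.WriteLine("Listening; press Enter to stop.");
        Console.ReadLine();
        host.Close();
    }
}
```

Because the metadata branch returns before any identity check, the service description is readable by any caller who can reach the mex endpoint; every other action on the service still goes through the deny-by-default path.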
© 2016 Microsoft