With custom UserNamePasswordValidator, can I kill the user's WPF “session”?

Question

I\'m using a custom UserNamePasswordValidator, which instantiates and logs in to our internal API.

This API exposes an event that\'s fired when the user is \"kicked\" (b

Answer 1

I found some code at http://www.neovolve.com/post/2008/04/07/wcf-security-getting-the-password-of-the-user.aspx that shows how to use a custom ServiceCredentials class and, from there, passing the user's details all the way through to Thread.CurrentPrinciple.

Starting from that code, I've stashed the Connection object in a custom principal object, which means that I can get to it in a session context. Then, I added a custom CodeAccessSecurityAttribute that checks that connection object to see if it's been disconnected. If it has, an exception is thrown, which kills the user's session.