I want to implement role based access control<br/>
Thread: <a href="http://social.msdn.microsoft.com/Forums/en-US/netservices/thread/038f99eb-541a-4d05-881b-919a49ab99b6">http://social.msdn.microsoft.com/Forums/en-US/netservices/thread/038f99eb-541a-4d05-881b-919a49ab99b6</a><br/>
<br/>
<strong>vinayrajaram</strong><br/>
I wanted to implement role based access control (RBAC). Are there any samples for working on this?<br/>
Our objective is to use a console based application and implement role based access control.<br/>
<br/>
Considering the example of usernamepasswordcalculatorservice which is there in the March CTP 2009.<br/>
<br/>
Scenario<br/>
<br/>
Consider that we have two users, A and B.<br/>
User A should have access to Calculator.Add, Calculator.Subtract<br/>
User B should have access to Calculator.Multiply, Calculator.Divide<br/>
<br/>
How can we achieve this?<br/>
<br/>
What settings are required in accesscontrolservice?<br/>
<br/>
What are the code changes required?<br/>
<br/>
Can you please help us in solving this scenario?<br/>
<br/>
Finally, I wanted to ask you whether we can use email id as a claim in Access Control Service.<br/>
<br/>
input claim type: <strong>email</strong>, value <a href="mailto:UserA@xxxx.com"><strong>UserA@xxxx.com</strong></a>, Issuer <strong>accesscontrol.windows.net</strong><br/>
output claim type: <strong>action</strong>, value <strong>Calculator.Add</strong>, Issuer <strong>solutionname.accesscontrol.windows.net</strong><br/>
<br/>
<strong>Code</strong><br/>
<pre>
using System.IdentityModel.Claims;  // Claim, ClaimSet
using System.ServiceModel;          // OperationContext, FaultException

public static void DemandActionClaim(string claimValue)
{
    // Walk every claim in every claim set of the current call's authorization context.
    foreach (ClaimSet claimSet in OperationContext.Current
                                                   .ServiceSecurityContext
                                                   .AuthorizationContext
                                                   .ClaimSets)
    {
        foreach (Claim claim in claimSet)
        {
            if (AccessControlHelper.CheckClaim(claim.ClaimType,
                claim.Resource.ToString(),
                "http://docs.oasis-open.org/wsfed/authorization/200706/claims/emailaddress",
                claimValue))
            {
                // Accept the claim only when its claim set passes the helper's issuer check.
                if (AccessControlHelper.IsIssuedByIbn(claimSet))
                {
                    return;
                }
            }
        }
    }
    // No matching claim was found: reject the call.
    throw new FaultException("Access denied.");
}
</pre>
Awaiting your reply<br/>
Mon, 29 Jun 2009 02:57:35 Z<br/>
<br/>
<strong>Stephane GUNET</strong><br/>
Using e-mail is possible, but not a very robust solution, since e-mail addresses can change quite often. It would be better to use something like a User ID that cannot change. But then it all depends on where your users will be authenticated. If you use Active Directory and Geneva Server, you have no problems; if you use Live ID, the only information we can get right now is the email address (which is a WLID claim, issued by live.com).<br/>
<br/>
Second point, if you want to implement Role Based access control, you need roles.
Which means your claims mapping would be something like this:<br/>
<table>
<tr><th>Input claim</th><th>Issued by</th><th>Output claim</th></tr>
<tr><td>WLid = <a href="mailto:userA@live.com">userA@live.com</a></td><td>live.com</td><td>Role = CalcSimple</td></tr>
<tr><td>Role = CalcSimple</td><td>yoursolution.accesscontrol.windows.net</td><td>Action = Calculator.Add</td></tr>
<tr><td>Role = CalcSimple</td><td>yoursolution.accesscontrol.windows.net</td><td>Action = Calculator.Subtract</td></tr>
<tr><td>WLid = <a href="mailto:userB@live.com">userB@live.com</a></td><td>live.com</td><td>Role = CalcComplex</td></tr>
<tr><td>Role = CalcComplex</td><td>yoursolution.accesscontrol.windows.net</td><td>Action = Calculator.Multiply</td></tr>
<tr><td>Role = CalcComplex</td><td>yoursolution.accesscontrol.windows.net</td><td>Action = Calculator.Divide</td></tr>
</table>
As you can see, the rules can be chained. With this design, you can change your roles and add a Square operation to role CalcComplex without having to modify the rules for every user.<br/>
<br/>
Last point, Live ID authentication through ACS can (as far as I know) only be used in web based applications. For a console application, you would have to use the Live SDK, or another identity provider. I also do not think the username/password authentication illustrated in the Calculator sample is meant to be used for production applications. I even remember reading it would be removed before ACS goes into production. You can either authenticate using ACS and some claims based identity provider, like Geneva Server, or handle authentication yourself in your app through some &quot;classic&quot; method (like AD or username/password DB).
In this case, check this link for an interesting way to use this: <a href="http://blogs.msdn.com/justinjsmith/archive/2009/03/24/tokenclient-mix-introduction.aspx">http://blogs.msdn.com/justinjsmith/archive/2009/03/24/tokenclient-mix-introduction.aspx</a><br/>
Mon, 29 Jun 2009 07:37:56 Z<br/>
<br/>
<strong>vinayrajaram</strong><br/>
Thank you Stephane GUNET<br/>
Tue, 30 Jun 2009 09:09:08 Z
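<br/><br/>
The chained mapping described in the answer above (identity to role, then role to action), as an added C# console example that is not part of the original thread and does not use the ACS API: a constructed rule table is evaluated until no new claim appears, and the service side then demands an Action claim issued by the ACS namespace. The names Claim, Rule, Transform and Authorize are assumptions made for illustration; the issuer names and claim values are the ones used in the answer.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed model of the answer's rule chain; not the ACS rule engine or its API.
record Claim(string Type, string Value, string Issuer);
record Rule(Claim Input, string OutType, string OutValue);

static class RbacDemo
{
    const string Acs = "yoursolution.accesscontrol.windows.net"; // issuer of output claims
    const string Idp = "live.com";                               // issuer of the WLid claim

    // Users map to roles, roles map to actions. Granting a new operation to a
    // role is one extra Role -> Action rule; no per-user rule changes.
    static readonly Rule[] Rules =
    {
        new Rule(new Claim("WLid", "userA@live.com", Idp), "Role", "CalcSimple"),
        new Rule(new Claim("WLid", "userB@live.com", Idp), "Role", "CalcComplex"),
        new Rule(new Claim("Role", "CalcSimple", Acs), "Action", "Calculator.Add"),
        new Rule(new Claim("Role", "CalcSimple", Acs), "Action", "Calculator.Subtract"),
        new Rule(new Claim("Role", "CalcComplex", Acs), "Action", "Calculator.Multiply"),
        new Rule(new Claim("Role", "CalcComplex", Acs), "Action", "Calculator.Divide"),
    };

    // Apply the rules until a pass adds nothing. Output claims carry the ACS
    // issuer, which is what allows a Role claim to match the next rule.
    static HashSet<Claim> Transform(IEnumerable<Claim> input)
    {
        var claims = new HashSet<Claim>(input);
        bool added = true;
        while (added)
        {
            added = false;
            foreach (var rule in Rules)
                if (claims.Contains(rule.Input) &&
                    claims.Add(new Claim(rule.OutType, rule.OutValue, Acs)))
                    added = true;
        }
        return claims;
    }

    // Service-side check: the action must be present and issued by ACS.
    static bool Authorize(IEnumerable<Claim> token, string action) =>
        token.Any(c => c.Type == "Action" && c.Value == action && c.Issuer == Acs);

    static void Main()
    {
        var userA = Transform(new[] { new Claim("WLid", "userA@live.com", Idp) });
        Console.WriteLine("userA Add:    " + Authorize(userA, "Calculator.Add"));
        Console.WriteLine("userA Divide: " + Authorize(userA, "Calculator.Divide"));
        // A Role claim that was not issued by ACS matches no Role -> Action rule.
        var roleFromIdp = Transform(new[] { new Claim("Role", "CalcComplex", Idp) });
        Console.WriteLine("IdP-issued role, Divide: " + Authorize(roleFromIdp, "Calculator.Divide"));
    }
}
```

Claim matching here is an exact, case-sensitive comparison of type, value and issuer, so the address in the rule table must be written exactly as the identity provider issues it.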