.NET Framework Developer Center >
.NET Development Forums
>
Windows Communication Foundation
>
Declare Role-based Authentication in App.config
Declare Role-based Authentication in App.config
- Hello,
I have a self-hosted WCF-Service and want to provide a role-based authentication to my service methods. However, i only found the way to either do it imperatively in code or declare it using the PrincipalPermissionAttribute. This works fine but I'd rather like to declare the allowed role(s) in the App.config file of my application, as it is possible with 'normal' web services, since I need to adjust them according to the execution environment.
How do I accomplish this task?
Regards, Jan
Answers
- Hi again Jan,
You can derive from the PrincipalPermissionAttribute and read the allowed roles from the configuration. It is pretty straight forward.
I've done this before - if I remember where I put the code, I will get back to you.
--larsw
Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/- Marked As Answer byJan L_ Tuesday, November 25, 2008 3:54 PM
All Replies
- Hi,
You can use the ASP.NET Role Manager together with your WCF service.
For more information, see this MSDN Library Howto.
--larsw
Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/- Proposed As Answer byLars WilhelmsenMVP, ModeratorMonday, November 24, 2008 6:14 PM
- Hi Lars,
thanks for your answer but it is not quite what I want. As far as I understood, the provider is responsible for providing the available roles. This works fine with "useWindowsGroups" since I am validating against Windows groups in a domain. Now I want to specify the valid roles in my App.config as it is possible for web services using in the Web.config:
<authorization>
<allow roles="allowed_user_group"/>
<deny users="*"/>
</authorization>
The only declarative way of specifying the allowed windows groups in WCF, that I found, is using:
[
PrincipalPermission(SecurityAction.Demand, Role = "allowed_user_group")]
As I already said: This works fine, but is not flexible enough for me, since the allowed groups change, not the way how the groups are provided.
Regards, Jan
- Hi again Jan,
You can derive from the PrincipalPermissionAttribute and read the allowed roles from the configuration. It is pretty straight forward.
I've done this before - if I remember where I put the code, I will get back to you.
--larsw
Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/- Marked As Answer byJan L_ Tuesday, November 25, 2008 3:54 PM
- Hello Lars,
thanks alot. Sometimes I do not see the simplest answers. The custom attributes works fine. However, you must inherit from CodeAccessSecurityAttribute instead of PrincipalPermissionAttribute, the latter is sealed. Anyway, thanks alot.
Regards, Jan - Hi again,
Sure, I didn't remember that the PrincipalPermissionAttribute was sealed. I believe I used reflector to look at the source for it, and created a similar attribute that pulled the roles from configuration.
--larsw
Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/
