Declare Role-based Authentication in App.config

2008년 11월 24일 월요일 오후 4:32Jan L_

0
로그인하여 투표
Hello,

I have a self-hosted WCF-Service and want to provide a role-based authentication to my service methods. However, i only found the way to either do it imperatively in code or declare it using the PrincipalPermissionAttribute. This works fine but I'd rather like to declare the allowed role(s) in the App.config file of my application, as it is possible with 'normal' web services, since I need to adjust them according to the execution environment.

How do I accomplish this task?

Regards, Jan
- 응답
- 인용

답변

2008년 11월 25일 화요일 오후 1:56Lars WilhelmsenMVP, 중재자

0
로그인하여 투표
Hi again Jan,

You can derive from the PrincipalPermissionAttribute and read the allowed roles from the configuration. It is pretty straight forward.

I've done this before - if I remember where I put the code, I will get back to you.

--larsw
Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/
- 답변으로 표시됨Jan L_ 2008년 11월 25일 화요일 오후 3:54
- 응답
- 인용

모든 응답

2008년 11월 24일 월요일 오후 6:14Lars WilhelmsenMVP, 중재자

0
로그인하여 투표
Hi,

You can use the ASP.NET Role Manager together with your WCF service.

For more information, see this MSDN Library Howto.

--larsw

Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/
- 답변으로 제안됨Lars WilhelmsenMVP, 중재자2008년 11월 24일 월요일 오후 6:14
- 응답
- 인용
2008년 11월 25일 화요일 오전 7:27Jan L_

0
로그인하여 투표
Hi Lars,

thanks for your answer but it is not quite what I want. As far as I understood, the provider is responsible for providing the available roles. This works fine with "useWindowsGroups" since I am validating against Windows groups in a domain. Now I want to specify the valid roles in my App.config as it is possible for web services using in the Web.config:

<authorization>
<allow roles="allowed_user_group"/>
<deny users="*"/>
</authorization>

The only declarative way of specifying the allowed windows groups in WCF, that I found, is using:

[PrincipalPermission(SecurityAction.Demand, Role = "allowed_user_group")]

As I already said: This works fine, but is not flexible enough for me, since the allowed groups change, not the way how the groups are provided.

Regards, Jan
- 응답
- 인용
2008년 11월 25일 화요일 오후 1:56Lars WilhelmsenMVP, 중재자

0
로그인하여 투표
Hi again Jan,

You can derive from the PrincipalPermissionAttribute and read the allowed roles from the configuration. It is pretty straight forward.

I've done this before - if I remember where I put the code, I will get back to you.

--larsw
Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/
- 답변으로 표시됨Jan L_ 2008년 11월 25일 화요일 오후 3:54
- 응답
- 인용
2008년 11월 25일 화요일 오후 3:57Jan L_

0
로그인하여 투표
Hello Lars,

thanks alot. Sometimes I do not see the simplest answers. The custom attributes works fine. However, you must inherit from CodeAccessSecurityAttribute instead of PrincipalPermissionAttribute, the latter is sealed. Anyway, thanks alot.

Regards, Jan
- 응답
- 인용
2008년 11월 26일 수요일 오전 7:49Lars WilhelmsenMVP, 중재자

0
로그인하여 투표
Hi again,

Sure, I didn't remember that the PrincipalPermissionAttribute was sealed. I believe I used reflector to look at the source for it, and created a similar attribute that pulled the roles from configuration.

--larsw
Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/
- 응답
- 인용