登录
 
Microsoft 开发人员网络 > 论坛主页 > Windows Communication Foundation > Declare Role-based Authentication in App.config
提出问题提出问题
搜索论坛:
 

已答复Declare Role-based Authentication in App.config

  • 2008年11月24日 16:32Jan L_ 用户奖牌用户奖牌用户奖牌用户奖牌用户奖牌
     
    登录进行投票
    0
    登录进行投票
    Hello,
     
    I have a self-hosted WCF-Service and want to provide a role-based authentication to my service methods. However, i only found the way to either do it imperatively in code or declare it using the PrincipalPermissionAttribute. This works fine but I'd rather  like to declare the allowed role(s) in the App.config file of my application, as it is possible with 'normal' web services, since I need to adjust them according to the execution environment.

    How do I accomplish this task?

    Regards, Jan
     

答案

  • 2008年11月25日 13:56Lars WilhelmsenMVP, 版主用户奖牌用户奖牌用户奖牌用户奖牌用户奖牌
     已答复
    登录进行投票
    0
    登录进行投票
    Hi again Jan,

     You can derive from the PrincipalPermissionAttribute and read the allowed roles from the configuration. It is pretty straight forward.

     I've done this before - if I remember where I put the code, I will get back to you.

     --larsw
    Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/
    • 已标记为答案Jan L_ 2008年11月25日 15:54
    •  
     

全部回复

  • 2008年11月24日 18:14Lars WilhelmsenMVP, 版主用户奖牌用户奖牌用户奖牌用户奖牌用户奖牌
     建议的答复
    登录进行投票
    0
    登录进行投票
    Hi,

     You can use the ASP.NET Role Manager together with your WCF service.

     For more information, see this MSDN Library Howto.

     --larsw
    Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/
     
  • 2008年11月25日 7:27Jan L_ 用户奖牌用户奖牌用户奖牌用户奖牌用户奖牌
     包含代码
    登录进行投票
    0
    登录进行投票
    Hi Lars,

    thanks for your answer but it is not quite what I want. As far as I understood, the provider is responsible for providing the available roles. This works fine with "useWindowsGroups" since I am validating against Windows groups in a domain. Now I want to specify the valid roles in my App.config as it is possible for web services using in the Web.config:

    <authorization>
      <    allow roles="allowed_user_group"/>
      <    deny users="*"/>
    </    authorization>

    The only declarative way of specifying the allowed windows groups in WCF, that I found, is using:

    [PrincipalPermission(SecurityAction.Demand, Role = "allowed_user_group")]

    As I already said: This works fine, but is not flexible enough for me, since the allowed groups change, not the way how the groups are provided.

    Regards, Jan


     

     
  • 2008年11月25日 13:56Lars WilhelmsenMVP, 版主用户奖牌用户奖牌用户奖牌用户奖牌用户奖牌
     已答复
    登录进行投票
    0
    登录进行投票
    Hi again Jan,

     You can derive from the PrincipalPermissionAttribute and read the allowed roles from the configuration. It is pretty straight forward.

     I've done this before - if I remember where I put the code, I will get back to you.

     --larsw
    Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/
    • 已标记为答案Jan L_ 2008年11月25日 15:54
    •  
     
  • 2008年11月25日 15:57Jan L_ 用户奖牌用户奖牌用户奖牌用户奖牌用户奖牌
     
    登录进行投票
    0
    登录进行投票
    Hello Lars,

    thanks alot. Sometimes I do not see the simplest answers. The custom attributes works fine. However, you must inherit from CodeAccessSecurityAttribute instead of PrincipalPermissionAttribute, the latter is sealed. Anyway, thanks alot.

    Regards, Jan
     
  • 2008年11月26日 7:49Lars WilhelmsenMVP, 版主用户奖牌用户奖牌用户奖牌用户奖牌用户奖牌
     
    登录进行投票
    0
    登录进行投票
    Hi again,

     Sure, I didn't remember that the PrincipalPermissionAttribute was sealed. I believe I used reflector to look at the source for it, and created a similar attribute that pulled the roles from configuration.

     --larsw
    Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/