登入
 
MSDN > 論壇首頁 > Windows Communication Foundation > Declare Role-based Authentication in App.config
發問發問
搜查論壇:
 

已答覆Declare Role-based Authentication in App.config

  • Monday, 24 November, 2008 16:32Jan L_ 使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     
    登入以投票
    0
    登入以投票
    Hello,
     
    I have a self-hosted WCF-Service and want to provide a role-based authentication to my service methods. However, i only found the way to either do it imperatively in code or declare it using the PrincipalPermissionAttribute. This works fine but I'd rather  like to declare the allowed role(s) in the App.config file of my application, as it is possible with 'normal' web services, since I need to adjust them according to the execution environment.

    How do I accomplish this task?

    Regards, Jan
     

解答

  • Tuesday, 25 November, 2008 13:56Lars WilhelmsenMVP, 版主使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     已答覆
    登入以投票
    0
    登入以投票
    Hi again Jan,

     You can derive from the PrincipalPermissionAttribute and read the allowed roles from the configuration. It is pretty straight forward.

     I've done this before - if I remember where I put the code, I will get back to you.

     --larsw
    Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/
    • 已標示為解答Jan L_ Tuesday, 25 November, 2008 15:54
    •  
     

所有回覆

  • Monday, 24 November, 2008 18:14Lars WilhelmsenMVP, 版主使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     提議的解答
    登入以投票
    0
    登入以投票
    Hi,

     You can use the ASP.NET Role Manager together with your WCF service.

     For more information, see this MSDN Library Howto.

     --larsw
    Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/
     
  • Tuesday, 25 November, 2008 7:27Jan L_ 使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     包含代碼
    登入以投票
    0
    登入以投票
    Hi Lars,

    thanks for your answer but it is not quite what I want. As far as I understood, the provider is responsible for providing the available roles. This works fine with "useWindowsGroups" since I am validating against Windows groups in a domain. Now I want to specify the valid roles in my App.config as it is possible for web services using in the Web.config:

    <authorization>
      <    allow roles="allowed_user_group"/>
      <    deny users="*"/>
    </    authorization>

    The only declarative way of specifying the allowed windows groups in WCF, that I found, is using:

    [PrincipalPermission(SecurityAction.Demand, Role = "allowed_user_group")]

    As I already said: This works fine, but is not flexible enough for me, since the allowed groups change, not the way how the groups are provided.

    Regards, Jan


     

     
  • Tuesday, 25 November, 2008 13:56Lars WilhelmsenMVP, 版主使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     已答覆
    登入以投票
    0
    登入以投票
    Hi again Jan,

     You can derive from the PrincipalPermissionAttribute and read the allowed roles from the configuration. It is pretty straight forward.

     I've done this before - if I remember where I put the code, I will get back to you.

     --larsw
    Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/
    • 已標示為解答Jan L_ Tuesday, 25 November, 2008 15:54
    •  
     
  • Tuesday, 25 November, 2008 15:57Jan L_ 使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     
    登入以投票
    0
    登入以投票
    Hello Lars,

    thanks alot. Sometimes I do not see the simplest answers. The custom attributes works fine. However, you must inherit from CodeAccessSecurityAttribute instead of PrincipalPermissionAttribute, the latter is sealed. Anyway, thanks alot.

    Regards, Jan
     
  • Wednesday, 26 November, 2008 7:49Lars WilhelmsenMVP, 版主使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     
    登入以投票
    0
    登入以投票
    Hi again,

     Sure, I didn't remember that the PrincipalPermissionAttribute was sealed. I believe I used reflector to look at the source for it, and created a similar attribute that pulled the roles from configuration.

     --larsw
    Lars Wilhelmsen | Senior Consultant | Miles, Norway | MCTS WCF | http://larswilhelmsen.com/