Role-based permissions to entities on WCF data service calls RRS feed

  • Question

  • I have my application using username/password validation and a custom principal for role-based security on my general (non data-service) WCF calls through the [PrincipalPermission(SecurityAction.Demand, Role = ...)] Attribute annotation. This is working fine. 

    How would this approach be applied to WCF data service? What I essentially want is that users have write permissions to certain entities based on their role. In northwind-terminology, everyone might read/write orders and read customer entities, but only admins may update customers.

    The details I read about WCF data services, is only how you would generally authenticate and how you generally permit access to entities through SetEntityAccessRule().

    Am I missing something here?



    Monday, October 3, 2011 11:25 AM

All replies