locked
Authorization for WCF service RRS feed

  • Question

  • We have developed a WCF service with "Windows" authentication and this WCF service gets called from the Silverlight application.

    I would like to know as how to add the "authroization" for this WCF service?

    Say, only a few Windows users (domain\user1, domain\user2) should be able invoke this service from the Silverlight GUI (say by clicking a button).  For all other users it should throw authorization error.

     What is the best approach to implement this and how?

    Wednesday, March 10, 2010 5:02 PM

Answers

  • It works after adding the users in the "authorization" element of the web.config.  As you said, I think role based authorization would be more appropriate.

     </system.web> 

      <authorization>      
            <allow users="domain\user1, domain\user2"/>
           <deny users="*"/>
     </authorization>

     </system.web>

    Friday, March 12, 2010 3:40 PM

All replies

  • I am assuming you have a web service hosted on IIS that you want to access from the SL app.

    If the service is hosted separate to your website then you’ll need to provide cross domain policy file as well. Google ClientAccessPolicy or wcf with silverlight and you get scores of articles.

    Ensure mexHttpBinding endpoint is removed from the config file as this requires to enable anonymous access.

    You will also require some custom basicHttpBinding in your config for WCF service endpoint, something like this

     

       <services>
          <service behaviorConfiguration="ServiceBehavior"
    
    name="SL.MyInterfaceImplementation">
            <endpoint address="" binding="basicHttpBinding"
                contract="SL.IMyInterface"
                bindingConfiguration="myCustomBasicHttpBinding"/>
          </service>
        </services>
    
     

    and custom binding something like this

     

    bindings>
          <basicHttpBinding>
            <binding name="myCustomBasicHttpBinding">
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Windows"/>
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
    

    The key to make your WCF service work without problem is <transport clientCredentialType="Windows"/> for windows authentication.

    There are other modes available as well for instance Digest, Ntlm, Basic

    I hope this helps 

     

    Thursday, March 11, 2010 12:14 AM
  • Thank your for the response.

    Yes, WCF service is hosted on IIS and I am accessing it from SL.

    I think whatever you mentioned is related to authentication of WCF service. I have already configured this and it is working fine.

    I am actually looking for information on how to add authorization to this WCF service.

    Say, every Windows user can log into this SL application using Windows authentication. But when they try to invoke the WCF service, (by clicking a button on this SL application) then only few users should get a response, and others should get  "authroization denied" error.

    Hope you got my problem.

    Thursday, March 11, 2010 11:07 AM
  • How are you authorizing users for accessing various pages of your website? I use role based authorization, i.e. create roles, add users to the role and assign pages to the role.

    Similarly, I authenticate the WCF client before making service call to the server.

    Thursday, March 11, 2010 6:32 PM
  • It works after adding the users in the "authorization" element of the web.config.  As you said, I think role based authorization would be more appropriate.

     </system.web> 

      <authorization>      
            <allow users="domain\user1, domain\user2"/>
           <deny users="*"/>
     </authorization>

     </system.web>

    Friday, March 12, 2010 3:40 PM