Implementing Role Based Security in WCF Data Service RRS feed

  • Question

  • Hi,

    I have a WCF Data Service in which I need to check if the user (username will be got from HttpContext) belongs to a certain role before granting permissions to read or write entities and invoke service operations. If there is any documentation in this regard, please let me know. The Roles and Permissions are implemented using custom tables in a database.



    Friday, December 10, 2010 3:42 PM

All replies

  • Hi

    Here is an MSDN article which talks about Security w.r.t WCF Data Services. http://msdn.microsoft.com/en-us/library/dd728284.aspx Go through the different options available.

    For your specific scenario of Role Based Access to wcf data service - i think the answer is to write Interceptors. In the above article look out for the section: - "Implement Role-Based Interceptors". Also here is an arrticle on how to implement interceptors - http://msdn.microsoft.com/en-us/library/dd744837.aspx

    Interceptors allow you to intercept wcf data service request for a particular set and take care of your business logic.


    Hope this helps you and gives you a start point.


    PS : Please mark this as answer if this is what you were looking for


    Monday, December 13, 2010 7:14 AM