WCF - validate transport windows credential against A/D group? RRS feed

  • Question

  • User-1796506859 posted

    Hi Folks,

    I have a managed windows service (C# .Net 4) that is using Transport Security Mode with TransportCredentialType.Windows.  

    All is working fine, however, I want to be able to check the credential that is passed to see if it is a member of a specific Active Directory security group.  

    I figure that I need to write a custom WindowsSecurityTokenAuthenticator or something like that, or I need to write some other Authorization routine.

    Does anyone have an example on how to do either of these.



     Edit: Sorry, I forgot to add, needs to be done in code as there is no config file.

    Tuesday, March 19, 2013 9:21 PM


  • User-917364509 posted

    If your service is using Windows authentication you should be able to evaluate the WindowsIdentity.Groups property of the current security context:

    WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
    List<string> groups = new List<string>();
    foreach(var group in caller.Groups)

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, March 20, 2013 8:42 AM

All replies