
How to Authorize Users against the SQL Role Provider

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

If you store role information in SQL Server, configure your application to use the SqlRoleProvider for authorization. The role provider allows you to load the roles for users without writing and maintaining custom code.

Use the following steps to enable role-based authorization with the SQL Server role provider:
  1. Enable the role provider as shown below, and configure the connection string to point to the role store in SQL Server.
…
<configuration>
…
<connectionStrings>
    <!-- Integrated Security=SSPI keeps database credentials out of the configuration file -->
    <add name="MyLocalSQLServer"
         connectionString="Initial Catalog=aspnetdb;data source=Sqlserver;Integrated Security=SSPI;" />
</connectionStrings>
…
<system.web>
    <roleManager enabled="true" defaultProvider="MySqlRoleProvider">
      <providers>
        <!-- connectionStringName must match the name attribute in <connectionStrings> -->
        <add name="MySqlRoleProvider"
             connectionStringName="MyLocalSQLServer"
             applicationName="MyAppName"
             type="System.Web.Security.SqlRoleProvider" />
      </providers>
    </roleManager>
</system.web>
…
  2. Configure the service behavior. Set the principalPermissionMode attribute to UseAspNetRoles and the roleProviderName attribute to MySqlRoleProvider.
…
<system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="BehaviorConfiguration">
          <serviceAuthorization principalPermissionMode="UseAspNetRoles"
            roleProviderName="MySqlRoleProvider" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <!-- behaviorConfiguration must match the behavior name above exactly -->
      <service behaviorConfiguration="BehaviorConfiguration" name="MyService">
        <endpoint binding="wsHttpBinding" bindingConfiguration=""
          name="httpsendpoint" contract="IMyService2" />
      </service>
    </services>
</system.serviceModel>
  3. Authorize roles declaratively by adding the PrincipalPermission attribute above each service method that requires authorization. Specify the role required to access the method in the Role field.
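using System.Security.Permissions;
…
// The demand runs before the method body; callers outside the role are rejected.
[PrincipalPermission(SecurityAction.Demand, Role = "accounting")]
public double Add(double a, double b)
{
    return a + b;
}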
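
The service code that these three steps protect, as an added example that is not part of the original guide. IMyService2, MyService and the "accounting" role come from the snippets above; the Subtract operation, the RoleSetup helper and its userName parameter are hypothetical. It shows the declarative demand beside the equivalent imperative check (useful when a denial must be logged), plus seeding the role store through the configured provider.

```csharp
using System.Diagnostics;
using System.Security;
using System.Security.Permissions;
using System.ServiceModel;
using System.Threading;
using System.Web.Security;

[ServiceContract]
public interface IMyService2
{
    [OperationContract] double Add(double a, double b);
    [OperationContract] double Subtract(double a, double b);   // hypothetical operation
}

public class MyService : IMyService2
{
    // Declarative: the demand runs before the method body and throws
    // SecurityException when the caller is not in the role.
    [PrincipalPermission(SecurityAction.Demand, Role = "accounting")]
    public double Add(double a, double b) { return a + b; }

    // Imperative: same role test in code, so the denial can be logged first.
    public double Subtract(double a, double b)
    {
        if (!Thread.CurrentPrincipal.IsInRole("accounting"))
        {
            ServiceSecurityContext ctx = ServiceSecurityContext.Current;
            string caller = (ctx != null) ? ctx.PrimaryIdentity.Name : "(unknown)";
            Trace.TraceWarning("Denied Subtract for {0}: not in role accounting", caller);
            throw new SecurityException("Access is denied.");
        }
        return a - b;
    }
}

// Hypothetical helper: seeds the role store through the default role provider
// (MySqlRoleProvider in the configuration above). Run it from an admin task.
public static class RoleSetup
{
    public static void EnsureAccountingRole(string userName)
    {
        if (!Roles.RoleExists("accounting"))
            Roles.CreateRole("accounting");
        if (!Roles.IsUserInRole(userName, "accounting"))
            Roles.AddUserToRole(userName, "accounting");
    }
}
```

With principalPermissionMode set to UseAspNetRoles, both checks resolve the caller's roles through the role provider named in the service behavior.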


Last edited Jun 13, 2008 at 7:15 PM by prashantbansode, version 1
