How to Perform Resource-Based Authorization

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Resource-based authorization sets permissions on the resource itself. For instance, you would set an ACL on a Windows resource and then use the identity of the original caller to determine access rights to the resource. If you use resource-based authorization in WCF, you'll need to impersonate the original caller through the application layer (e.g. ASP.NET application), through the WCF service layer, and to the business logic code that is accessing the file resource.

To use resource-based authorization, you need to set permissions on the resource itself by setting an ACL, and then impersonate the original caller.

The following code impersonates a specific (fixed) identity.
using System.Security.Principal;
…
// Build a Windows identity for a fixed account from its user principal name.
WindowsIdentity wi = new WindowsIdentity("userName@fullyqualifieddomainName");
WindowsImpersonationContext ctx = null;

try
{
  ctx = wi.Impersonate();

  // The thread is now impersonating; access the needed resource here…
}
catch
{
  // Prevent exceptions propagating.
}
finally
{
  // Ensure impersonation is reverted; ctx is still null if Impersonate() threw.
  if (ctx != null)
  {
    ctx.Undo();
  }
}
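
The snippet above uses a fixed identity. The following added example (not code from the original page) shows both halves of the approach for the original caller inside a WCF operation: the ACL is set on the file, and the operation impersonates the caller so that the ACL decides access. The names IReportService, ReportService, GrantRead and the file path are hypothetical, and it assumes .NET Framework with a binding that uses Windows authentication.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IReportService
{
    [OperationContract]
    string ReadReport();
}

public class ReportService : IReportService
{
    // Hypothetical resource; its ACL, not service code, decides who may read it.
    private const string ReportPath = @"C:\Reports\summary.txt";

    // One-time setup run by an administrator: put the permission on the file itself.
    public static void GrantRead(string account)
    {
        FileSecurity acl = File.GetAccessControl(ReportPath);
        acl.AddAccessRule(new FileSystemAccessRule(
            account, FileSystemRights.Read, AccessControlType.Allow));
        File.SetAccessControl(ReportPath, acl);
    }

    public string ReadReport()
    {
        ServiceSecurityContext security = ServiceSecurityContext.Current;
        WindowsIdentity caller = security == null ? null : security.WindowsIdentity;
        if (caller == null || caller.IsAnonymous)
            throw new FaultException("A Windows caller identity is required.");

        string text = null;
        bool denied = false;
        // Dispose() reverts the impersonation, even if the read throws.
        using (caller.Impersonate())
        {
            try { text = File.ReadAllText(ReportPath); }
            catch (UnauthorizedAccessException) { denied = true; }
        }
        // Raise the fault only after the thread is back on the service identity.
        if (denied)
            throw new FaultException("Access denied.");
        return text;
    }
}
```

A caller without a matching allow entry on the file gets the "Access denied." fault, with no role check in the service code.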

Last edited Jun 13, 2008 at 6:11 PM by prashantbansode, version 1
