If You Store Role Information in Windows Groups, Consider Using the WCF PrincipalPermissionAttribute Class for Roles Authorization

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

If you store user roles in Windows groups, map those groups to your WCF service methods with the PrincipalPermission attribute. The incoming client's Windows credentials are resolved to the Windows groups the caller belongs to, and a service method runs only if the caller is a member of the group named in the attribute on that method; otherwise the call is denied.

The following example shows the WCF service's Add method restricted so that it runs only for users belonging to the CalculatorClients Windows group.

// Only members of the CalculatorClients group can call this method.
[PrincipalPermission(SecurityAction.Demand, Role = "CalculatorClients")]
public double Add(double a, double b)
{
    return a + b;
}
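An added example (not code from the guidance above) showing the attribute in a complete service, including one method open to either of two groups and one method with no demand; it assumes a binding that authenticates clients with Windows credentials, the default principalPermissionMode of UseWindowsGroups, and placeholder group names.

```csharp
// Added example, not from the original guidance. Assumes Windows client
// authentication (e.g. wsHttpBinding/netTcpBinding with Windows credentials)
// and the default service authorization setting, shown here for reference:
//   <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
// "CalculatorClients" and "CalculatorAdmins" are placeholder group names.
using System;
using System.Security;
using System.Security.Permissions;
using System.ServiceModel;

[ServiceContract]
public interface ICalculator
{
    [OperationContract] double Add(double a, double b);
    [OperationContract] double Subtract(double a, double b);
    [OperationContract] string WhoAmI();
}

public class CalculatorService : ICalculator
{
    // Only members of the CalculatorClients Windows group may call Add.
    // A caller outside the group receives an "Access is denied" fault
    // (SecurityAccessDeniedException on the client side).
    [PrincipalPermission(SecurityAction.Demand, Role = "CalculatorClients")]
    public double Add(double a, double b)
    {
        return a + b;
    }

    // Applying the attribute more than once combines the demands with OR
    // semantics: membership in either group is enough to call Subtract.
    [PrincipalPermission(SecurityAction.Demand, Role = "CalculatorClients")]
    [PrincipalPermission(SecurityAction.Demand, Role = "CalculatorAdmins")]
    public double Subtract(double a, double b)
    {
        return a - b;
    }

    // No demand here, so any authenticated caller reaches this method. It
    // returns the Windows identity WCF resolved for the call, which is the
    // identity whose group membership the demands above are evaluated against.
    public string WhoAmI()
    {
        return ServiceSecurityContext.Current.WindowsIdentity.Name;
    }
}
```

The group name is evaluated through the caller's WindowsPrincipal, so a typo in the Role string fails closed: nobody matches the group and every call to that method is denied.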

