Move PrincipalPermission from service code to app.config. [modified]
-
In my WCF Service I have implemented the methods of a contract called IFoo in Foo.cs, and I have used PrincipalPermission to set the Authorization of incoming calls. For instance:

    [PrincipalPermission(SecurityAction.Demand, Role = "Administrators")] //Move this setting to app.config
    public void FooMethod()
    {
        ...
        ...
    }

Now instead of programmatically defining which roles (in this case Administrators) are allowed to make calls to FooMethod, I'd like to define this in an app.config file instead in order to change the permissions needed without recompiling. I believed this to be an easy task, but I'm stuck. Googling and reading my otherwise so excellent WCF book has got me nowhere. Does anyone know how this can be achieved? I'm hosting my WCF Service as a Windows NT Service.
modified on Thursday, August 26, 2010 7:05 AM
-
Hello, with default infrastructure it is not possible. I think it's a security hole. If you really want something similar, check this article.
Best regards, Ladislav
-
Thank you for your reply. I'll look into the article to see if it helps. [edit: a few hours later...] This is the way to do it - though I will probably define and group my methods as "edit", "delete" etc. and in the app.config I'll define which user groups are allowed to perform what kind of actions. An "edit" contains both "Administrators" and "Power Users" and "delete" contains only "Administrators" and so forth.
modified on Friday, August 27, 2010 4:03 AM
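
The operation-to-roles grouping described in the last post could look like the sketch below. This is an added example, not code from the thread or from the linked article; the `OperationAuthorization` helper, the `operation.*` appSettings keys and the role lists in the comment are assumptions made for illustration. It replaces the declarative attribute with an imperative `PrincipalPermission` demand built from app.config, and it denies the call when no roles are configured.

```csharp
using System;
using System.Configuration;          // add a reference to System.Configuration.dll
using System.Linq;
using System.Security;
using System.Security.Permissions;

// Assumed app.config content (constructed for this example):
//   <appSettings>
//     <add key="operation.edit"   value="Administrators;Power Users" />
//     <add key="operation.delete" value="Administrators" />
//   </appSettings>
public static class OperationAuthorization   // hypothetical helper, not a WCF type
{
    public static void Demand(string operation)
    {
        // AppSettings is cached per process; restart the service (or call
        // ConfigurationManager.RefreshSection) after editing the file.
        string raw = ConfigurationManager.AppSettings["operation." + operation];
        string[] roles = (raw ?? string.Empty)
            .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();

        // Fail closed: a missing, misspelled or empty entry authorizes nobody.
        if (roles.Length == 0)
            throw new SecurityException(
                "No roles configured for operation '" + operation + "'.");

        // Union of one PrincipalPermission per role: the caller must be in
        // at least one of them. Demand() checks Thread.CurrentPrincipal, the
        // same principal the [PrincipalPermission] attribute checks.
        IPermission demand = roles
            .Select(r => (IPermission)new PrincipalPermission(null, r))
            .Aggregate((a, b) => a.Union(b));
        demand.Demand();   // throws SecurityException when the caller is in none
    }
}

public class Foo   // implements IFoo in the original service
{
    public void FooMethod()
    {
        OperationAuthorization.Demand("edit");   // was: Role = "Administrators"
        // ... original method body ...
    }
}
```

With this arrangement the authorization policy lives in app.config, so anyone who can write that file can change who is allowed to call the service; restrict write access to it to the accounts that administer the service.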