Problem description:

I was hoping to be able to protect my WCF services on an operation level not service level.

Hence some methods are protected and others not. I know there is an attribute called PrincipalPermission but this works with Windows.

I was hoping something existed for WCF SOAP like it does for WCF REST in this contrib project: WcfRestContrib

This extra project allows the use of a custom username and password validator and allows it to protect only certain methods by decorating the methods with an attribute.

Is this possible with WCF (SOAP)?

Thanks in advance

Answer from a user:

Yes, it is possible to do operation level authorization checks with SOAP in WCF, but you'll need to do claims based authorization (as far as I know). That's what my team does for our product.

The hook point in WCF is to implement a custom ServiceAuthorizationManager:

ServiceAuthorizationManager.CheckAccessCore Method

How to: Create a Custom Authorization Manager for a Service

and plug that into your service behaviour:

<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceAuthorization serviceAuthorizationManagerType="MyServiceAuthorizationManager" />
    </behavior>
  </serviceBehaviors>
</behaviors>

When you implement your authorization manager, override CheckAccessCore, and then simply return true/false if they are authorized or not.
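
An added example, not code from the answer or its author's product: one way to write the CheckAccessCore override so that the decision is made per operation, keyed on the SOAP Action of the incoming message. The action URIs, the permission claim type and the permission values are hypothetical, and the example assumes those permission claims were placed in the authorization context earlier in the pipeline (for instance by a custom authorization policy).

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.Linq;
using System.ServiceModel;

// Hypothetical names: action URIs, claim type and permission values are constructed for this example.
public class MyServiceAuthorizationManager : ServiceAuthorizationManager
{
    const string PermissionClaimType = "http://example.org/claims/permission";

    // Operations that may be called without any claim.
    static readonly HashSet<string> PublicActions = new HashSet<string>(StringComparer.Ordinal)
    {
        "http://example.org/IOrderService/GetCatalog"
    };

    // Protected operations and the permission each one requires.
    static readonly Dictionary<string, string> RequiredPermission =
        new Dictionary<string, string>(StringComparer.Ordinal)
    {
        { "http://example.org/IOrderService/PlaceOrder", "orders.write" },
        { "http://example.org/IOrderService/CancelOrder", "orders.cancel" }
    };

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // The SOAP Action header identifies which operation is being invoked.
        string action = operationContext.IncomingMessageHeaders.Action;
        if (action == null) return false;
        if (PublicActions.Contains(action)) return true;

        string needed;
        if (!RequiredPermission.TryGetValue(action, out needed))
            return false; // action not listed anywhere: deny by default

        // Protected operation: require an authenticated caller.
        ServiceSecurityContext security = operationContext.ServiceSecurityContext;
        if (security == null || security.IsAnonymous) return false;

        // Authorized only if some claim set carries the required permission claim.
        return security.AuthorizationContext.ClaimSets
            .SelectMany(set => set.FindClaims(PermissionClaimType, Rights.PossessProperty))
            .Any(claim => string.Equals(claim.Resource as string, needed, StringComparison.Ordinal));
    }
}
```

Because unlisted actions are denied, a new operation added to the contract stays inaccessible until it is placed in one of the two tables.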
