Custom PrinciplePermission Authentication

Our system uses a custom roles, and authentication system to Authenticate users.

I am now looking into the service side validation/security. I want implement our custom Authentication, Authorization on the wcf too.

I have done some investigation, it looks like I could use t开发者_运维技巧he PrinciplePermission attribute on the contracts to allow/deny access. The default just calls the IsInRole method on the IPrinciple and the IsAuthenticated on the IIdentity.

So I have 2 questions:

1. How do implement my own custom principle which has additional data/methods?
2. How do I add addition checks to the PrinciplePermissions? e.g (IsExternal which will check if they are accessing the service from the intranet or internet [have a mechanism to monitor this already])

Thanks

After some experimenting I came up with a custom written solution:

I based my solution in Kyle McClellan's Authorisation Sample. I adapted the attributes to look at a custom class to retrieve the user.

To get around the async problem I loaded the user and his relevant data in the App.xaml prior to instantiating the MainPage, I then make use of a global singleton, which I called SecurityContext, to access user data.

The SecurityContext is an in-memory store of the user data that can be accessed clientside.