开发者

How to tie ASP.NET permissions to WCF service

问答 作者:

I am creating a large ASP.NET 4 site which has a WCF service backend. I would like for the site to use the service for login and authorization.

Basically when the user gets to the login page, instead of using a membership provider I want the WCF service to be used as authentication mechanism.

The WCF service already uses Authentication and Authorization (with impersonation), so that clients of the service receive errors if they try to execute service methods they do not have permissions to.

The question is how do I tie this in with the ASP.NET site?

Here is some sample code that I am using:

Web Service Interface:

[ServiceContract]
public interface IService
{
    [OperationContract]
    bool Foo();

    [OperationContract]
    void Bar();
}

Web Service:

public class BackEndService : IService
{
    [PrincipalPermission(SecurityAction.Demand, Role="FooRole")]
    public bool Foo()
    {
        return false;
    }

    [PrincipalPermission(SecurityAction.Demand, Role="Bar")]
    public void Bar()
    {
        //...
    }
}

开发者_开发问答On the client:

public class LoginPage : Page
{
    public void LoginButton_Clicked(object sender, EventArgs e)
    {
        string username = TxtUsername.Value;
        string password = TxtPassword.Value;

        BackEndService client = new BackEndService();
        client.CleintCredentials.Username = username;
        client.ClientCredentials.Password = password;

        client.Foo(); //if the credentials supplied do not have permissions there will be error
        client.Bar();
    }
}

What I am aiming to achieve is to have some of the UI element's functionality flagged with the PrincipalPermission attribute so that the user doesn't have to make the trip to the service to discover that they do not have permissions.

Moreover, I'd like to have some of the UI elements being loaded/unloaded based on the user's permissions.

Is it possible, or do I have to bake some logic into my service to return whichever UI modules the user can see? Is it possible the permissions to be handled through the service as though it is a Membership provider as it is the case with using PrincipalPermissionAttribute on UI element's code behind?

Thanks,

<bleepzter/>

If you want to use ASP.NET Membership, You'll need to write your own Membership Provider to authenticate against your WCF service. You may need to add an operation to your WCF service to return a list of the roles the user belongs to. Then you can use the Membership class to determine if a user is a particular role, and hide/show UI elements as necessary.

See http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx for more information about creating a membership provider.

继续阅读:asp.net-membershipwcf

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9