I have created a WCF service that uses Windows authentication and would like to set it so it can only be accessed if the user is in a Windows group. I currently use the following attribute in code to make this happen:
[PrincipalPermission(SecurityAction.Demand, Role = @"Domain\MyGroup")]
The problem with this is I have to do it on each method and recompile if I want to change the group. Is there a way I can set the group that has access in the config file and for the service as a whole?
I have tried the following in my config file, but this does not appear to work:
<security>
  <authentication>
    <windowsAuthentication authPersistSingleRequest="true" enabled="true"/>
  </authentication>
  <authorization>
    <add accessType="Allow" roles="Domain\MyGroup" />
  </authorization>
</security>
OK, I figured it out. I have the config file set like the following:
<security>
  <authentication>
    <windowsAuthentication enabled="true" />
  </authentication>
  <authorization>
    <remove users="*" roles="" verbs="" />
    <remove users="?" roles="" verbs="" />
    <add accessType="Deny" users="?" />
    <add accessType="Allow" roles="Domain\MyGroup" />
  </authorization>
</security>
Also had to set
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
And on my class that implements the WCF contract
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
I guess this means I'm using ASP authentication rather than WCF, but it works for me.
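An added example, not part of the original post: a WCF-level alternative that keeps the group in config without ASP.NET compatibility mode, using a custom `ServiceAuthorizationManager` that checks every call. The class name `ConfigGroupAuthorizationManager`, the `AllowedWindowsGroup` appSettings key, and the `MyNamespace`/`MyAssembly` names in the wiring comment are hypothetical.

```csharp
using System.Configuration;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical class name; added example, not code from the original post.
public class ConfigGroupAuthorizationManager : ServiceAuthorizationManager
{
    // Hypothetical appSettings key that holds the allowed group, e.g. Domain\MyGroup.
    private const string GroupSettingKey = "AllowedWindowsGroup";

    // WCF calls this once per incoming message, before the operation is dispatched.
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // Fail closed: a missing or empty setting denies everyone.
        string group = ConfigurationManager.AppSettings[GroupSettingKey];
        if (string.IsNullOrWhiteSpace(group))
            return false;

        // Reject callers that did not authenticate with Windows credentials.
        ServiceSecurityContext context = operationContext.ServiceSecurityContext;
        if (context == null || context.IsAnonymous)
            return false;

        WindowsIdentity identity = context.WindowsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return false;

        // Keep any configured authorization policies in effect, then check the group.
        return base.CheckAccessCore(operationContext)
            && new WindowsPrincipal(identity).IsInRole(group);
    }
}

// Wiring in web.config (names are placeholders):
//
// <appSettings>
//   <add key="AllowedWindowsGroup" value="Domain\MyGroup" />
// </appSettings>
//
// <serviceBehaviors>
//   <behavior>
//     <serviceAuthorization
//       serviceAuthorizationManagerType="MyNamespace.ConfigGroupAuthorizationManager, MyAssembly" />
//   </behavior>
// </serviceBehaviors>
```

The check applies to every operation on services that use the behavior, so no per-method attribute is needed and changing the group only requires a config edit.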