Menu
I want to decorate certain Operation Contracts with an attribute to authorize the caller by custom logic, something like this:
[ServiceBehavior]
public class Service1
{
[OperationContract]
[Authorize] // ?? this should make sure only admins can call this method
public List<SampleItem> GetCollection()
{
return new List<SampleItem>() { new SampleItem("Only Admins see me") };
}
}
The [Authorize] should check if the caller is entitled to call this operation; if not - it should return an error fault.
Thanks.
227
Not out of the box - but WCF top-guru Juval Löwy had a very interesting article in MSDN Magazine about Declarative WCF Security which goes in the same direction.
Juval identified several key security scenarios, and wrapped each of them up into a WCF service behavior to be applied as an attribute on your service class on the server side. Quite an interesting read indeed !
184
WCF doesn't have any special attribute for this purpose but you can use PrincipalPermissionAttribute - common approach for declarative role-based security in .NET.
32
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
