Hi Max,
As for security authorization, the standard approach is to implement a
custom AuthorizationManager so that we can define our own authorization
code logic inside the AuthorizationManager (you can write code which reads
authorization rules from a config file). Here are some articles about
implementing a custom AuthorizationManager:
#How to: Create a Custom Authorization Manager for a Service
http://msdn.microsoft.com/en-us/library/ms731774.aspx
#How-To: Implement a WCF Authorization Manager Using AzMan
http://weblogs.asp.net/spano/archive...nt-a-wcf-authorization-manager-using-azman.aspx
In addition, if you use certain bindings which support the
"TransportCredentialOnly" security mode (such as basicHttpBinding), you can
simply write code in your WCF service to check the current thread's
security identity. For example, here is an example WCF service which uses
basicHttpBinding and is configured to use "TransportCredentialOnly" + Windows
client credentials.
=============================
<system.serviceModel>
  <services>
    <service name="Service" behaviorConfiguration="ServiceBehavior">
      <endpoint address="" binding="basicHttpBinding"
                bindingConfiguration="secBinding"
                contract="IService">
        <identity>
          <dns value="localhost"/>
        </identity>
      </endpoint>
    </service>
  </services>
  <bindings>
    <basicHttpBinding>
      <binding name="secBinding">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
</system.serviceModel>
===================================
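In service code, you can check the client identity via:
=====service method=======
public string GetData(int value)
{
    // Identity as seen by ASP.NET; HttpContext.Current is null unless
    // ASP.NET compatibility mode is enabled for the service.
    string name = HttpContext.Current.User.Identity.Name;

    // Principal that WCF attaches to the current thread for the caller.
    return string.Format("You entered: {0}", value.ToString() +
        Thread.CurrentPrincipal.Identity.Name);
}
============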
And in client-side code, you need to supply the correct user credentials:
================
static void Run()
{
    WCFSVC.ServiceClient client = new ConsoleClient.WCFSVC.ServiceClient();

    // Or you can use the default credentials instead of supplying a custom account.
    client.ClientCredentials.Windows.ClientCredential =
        new System.Net.NetworkCredential("username", "Password!");

    string ret = client.GetData(5);
    Console.WriteLine(ret);
}
==================
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
--------------------
From: "Max2006" <al*******@newsgroup.nospam>
Subject: WCF Security: How restrict an endpoint to only response to a given
windows user or group?
Date: Thu, 9 Oct 2008 11:25:31 -0400
Hi,
I am trying to limit my WCF service endpoint to respond only to a given
Windows user or group. How can I do that? Is there any way to configure
that in the .config file?
Thank you,
Max
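
The custom authorization manager approach described in the reply above, as an added example that is not part of the original posts or of the linked Microsoft articles: a ServiceAuthorizationManager that admits only the Windows users or groups listed in the service's config file. The class name, the appSettings key AllowedWindowsPrincipals, the CONTOSO names and the assembly name in the comments are assumptions.

```csharp
using System;
using System.Configuration;
using System.Linq;
using System.Security.Principal;
using System.ServiceModel;

// Added example. Register it in the service behavior ("ServiceBehavior" in the
// config above); the assembly name here is a placeholder:
//   <serviceAuthorization
//     serviceAuthorizationManagerType="WindowsGroupAuthorizationManager, MyServiceAssembly" />
public class WindowsGroupAuthorizationManager : ServiceAuthorizationManager
{
    // Hypothetical appSettings entry holding the allow list, e.g.
    //   <add key="AllowedWindowsPrincipals" value="CONTOSO\OrderClerks;CONTOSO\alice" />
    private const string SettingKey = "AllowedWindowsPrincipals";

    private static readonly string[] Allowed =
        (ConfigurationManager.AppSettings[SettingKey] ?? string.Empty)
            .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(entry => entry.Trim())
            .Where(entry => entry.Length > 0)
            .ToArray();

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        ServiceSecurityContext context = operationContext.ServiceSecurityContext;

        // No security context or an anonymous caller: deny.
        if (context == null || context.IsAnonymous)
            return false;

        // For callers not authenticated with Windows credentials this is an
        // anonymous identity, so IsAuthenticated is false and the call is denied.
        WindowsIdentity caller = context.WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            return false;

        // Fail closed: an empty or missing allow list admits nobody.
        // An entry matches either the caller's account name (DOMAIN\user)
        // or a group the caller's token belongs to (DOMAIN\group).
        var principal = new WindowsPrincipal(caller);
        return Allowed.Any(entry =>
            string.Equals(caller.Name, entry, StringComparison.OrdinalIgnoreCase)
            || principal.IsInRole(entry));
    }
}
```

When CheckAccessCore returns false, WCF rejects the call with an access-denied fault before the service operation runs, so individual methods such as GetData need no checks of their own.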