Click here to Skip to main content
12,446,525 members (50,768 online)
Click here to Skip to main content
Add your own
alternative version

Tagged as

Stats

6K views
1 bookmarked
Posted

How to implement custom role based authorization for my WCF service operations

, 13 Feb 2014 CPOL
Rate this:
Please Sign up or sign in to vote.
You can use custom attributes to implement it.

You can use custom attributes to implement it. Create a new custom attribute as below:

CustomMembershipAuthorization.cs

public class CustomMembershipAuthorization : Attribute, IOperationBehavior, IParameterInspector
{
    public string AllowedRole { get; set; }

    public CustomMembershipAuthorization()
    {
    }

    public CustomMembershipAuthorization(string allowedRole)
    {
        AllowedRole = allowedRole;
    }

    public void ApplyDispatchBehavior(OperationDescription operationDescription, DispatchOperation dispatchOperation)
    {
        dispatchOperation.ParameterInspectors.Add(this);
    }

    public void AfterCall(string operationName, object[] outputs,
                          object returnValue, object correlationState)
    {
    }

    public object BeforeCall(string operationName, object[] inputs)
    {
        if (!Thread.CurrentPrincipal.IsInRole(AllowedRole))
        {
            if (WebOperationContext.Current != null)
                WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Unauthorized;

            throw new WebFaultException<string>("Unauthorized", HttpStatusCode.Unauthorized);
        }

        return null;
    }

    public void AddBindingParameters(OperationDescription operationDescription, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
    {
    }

    public void ApplyClientBehavior(OperationDescription operationDescription, ClientOperation clientOperation)
    {
    }

    public void Validate(OperationDescription operationDescription)
    {
    }

}

Use above defined custom attribute with your operation contract as below:

    [ServiceContract]
    public interface IMyService
    {
        [OperationContract]
        [CustomMembershipAuthorization("client")]
        bool Log(MyLog req);

        [OperationContract]
        [CustomMembershipAuthorization("admin")]
        MyLog GetLog(string logId);
     }
}

In the BeforeCall() method of the CustomMembershipAuthorization class, you can modify the code as per your need. Here you can verify if the user belongs to the role which is allowed to access the operation.

Please refer How to implement simple custom membership provider for the details of how to authenticate the user using custom username and password.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Adarsh Chaurasia - Enjoying Full Stack Development
Software Developer (Senior)
India India
 Innovative & tech-savvy software development professional with 6+ years of progressive experience specializing in object-oriented approach to enterprise commercial solution delivery utilizing latest technologies.
 Extensive background in Full Life-Cycle of Software Development and Automation process including requirements gathering, design, coding, unit testing, automation, debugging and maintenance.
 Comprehensive knowledge of Relational Database technology, queries and procedures.
 Excellent understanding of OOPS Concepts, Design Patterns & Best Coding Practices.
 Strong architectural knowledge of designing n-tier and n-layer solutions using Application blocks, Enterprise library, SOA, Software factories.
 Working experience of IIS administration and website deployment and configuration.

Strengths & Area of expertise include:

 Full Stack Enterprise Web Development
 Multi-Threaded Programming
 Object Oriented Development
 REST APIs Development & Integration
 Distributed/Client Server System
 TDD & Behavior Driven Development (BDD)
 Database Design & Development
 Exceptional Analytical & Quick Learning Skill
 Team & Client Communication
 Proactive & Organization Development Attitude

You may also be interested in...

Pro
Pro

Comments and Discussions

 
-- There are no messages in this forum --
| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.160811.3 | Last Updated 14 Feb 2014
Article Copyright 2014 by Adarsh Chaurasia - Enjoying Full Stack Development
Everything else Copyright © CodeProject, 1999-2016
Layout: fixed | fluid