How to implement custom role based authorization for my WCF service operations

13 Feb 2014, CPOL
You can use custom attributes to implement it. Create a new custom attribute as below:

CustomMembershipAuthorization.cs

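    using System;
    using System.Net;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Description;
    using System.ServiceModel.Dispatcher;
    using System.ServiceModel.Web;
    using System.Threading;

    // Operation-level attribute: registers itself as a parameter inspector so that
    // BeforeCall() runs before the decorated service operation is invoked.
    [AttributeUsage(AttributeTargets.Method)]
    public class CustomMembershipAuthorization : Attribute, IOperationBehavior, IParameterInspector
    {
        // Role the caller must hold to invoke the operation.
        public string AllowedRole { get; set; }

        public CustomMembershipAuthorization()
        {
        }

        public CustomMembershipAuthorization(string allowedRole)
        {
            AllowedRole = allowedRole;
        }

        // Service side: hook this attribute into the operation's dispatch pipeline.
        public void ApplyDispatchBehavior(OperationDescription operationDescription, DispatchOperation dispatchOperation)
        {
            dispatchOperation.ParameterInspectors.Add(this);
        }

        // Nothing to do after the operation has run.
        public void AfterCall(string operationName, object[] outputs,
                              object returnValue, object correlationState)
        {
        }

        // Runs before the operation; rejects the call unless the current principal holds AllowedRole.
        public object BeforeCall(string operationName, object[] inputs)
        {
            if (!Thread.CurrentPrincipal.IsInRole(AllowedRole))
            {
                // WebOperationContext.Current is only available on web (HTTP) bindings.
                if (WebOperationContext.Current != null)
                    WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Unauthorized;

                throw new WebFaultException<string>("Unauthorized", HttpStatusCode.Unauthorized);
            }

            // No correlation state is needed in AfterCall().
            return null;
        }

        // The remaining IOperationBehavior members are not needed for this check.
        public void AddBindingParameters(OperationDescription operationDescription, BindingParameterCollection bindingParameters)
        {
        }

        public void ApplyClientBehavior(OperationDescription operationDescription, ClientOperation clientOperation)
        {
        }

        public void Validate(OperationDescription operationDescription)
        {
        }
    }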

Apply the custom attribute defined above to your operation contracts as shown below:

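    [ServiceContract]
    public interface IMyService
    {
        // Only callers in the "client" role may write a log entry.
        [OperationContract]
        [CustomMembershipAuthorization("client")]
        bool Log(MyLog req);

        // Only callers in the "admin" role may read a log entry.
        [OperationContract]
        [CustomMembershipAuthorization("admin")]
        MyLog GetLog(string logId);
    }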

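The role check lives in the BeforeCall() method of the CustomMembershipAuthorization class, which WCF invokes after it has deserialized the request parameters and before the operation executes. This is where you verify that the user belongs to the role allowed to access the operation, and you can modify the code there as needed. The check relies on Thread.CurrentPrincipal, so the service's authentication and authorization configuration must populate that principal with the caller's identity and roles.

Please refer to "How to implement simple custom membership provider" for details on how to authenticate the user with a custom username and password.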
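BeforeCall() can only be as good as the principal it reads, so here is one way to give Thread.CurrentPrincipal the caller's roles: a custom IAuthorizationPolicy used with principalPermissionMode="Custom". This is an added example, not code from the original article; the class name RolePrincipalPolicy, the MyService type and assembly names, and the in-memory role table are assumptions, and the project must reference System.IdentityModel.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Principal;

// Added example. Registered in the service behavior (type/assembly names are placeholders):
//   <serviceAuthorization principalPermissionMode="Custom">
//     <authorizationPolicies>
//       <add policyType="MyService.RolePrincipalPolicy, MyService" />
//     </authorizationPolicies>
//   </serviceAuthorization>
public class RolePrincipalPolicy : IAuthorizationPolicy
{
    // Constructed sample role store; a real service would query its role database.
    private static readonly Dictionary<string, string[]> RolesByUser =
        new Dictionary<string, string[]>
        {
            { "alice", new[] { "admin", "client" } },
            { "bob",   new[] { "client" } }
        };

    private readonly string id = Guid.NewGuid().ToString();
    public string Id { get { return id; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        // Fail closed: start from an anonymous principal that is in no role.
        IPrincipal principal = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);

        object value;
        if (evaluationContext.Properties.TryGetValue("Identities", out value))
        {
            var identities = value as IList<IIdentity>;
            if (identities != null && identities.Count > 0 && identities[0].IsAuthenticated)
            {
                string[] roles;
                if (!RolesByUser.TryGetValue(identities[0].Name, out roles))
                    roles = new string[0]; // authenticated but unknown user: no roles
                principal = new GenericPrincipal(identities[0], roles);
            }
        }

        // With principalPermissionMode="Custom", WCF copies this value to Thread.CurrentPrincipal.
        evaluationContext.Properties["Principal"] = principal;
        return true; // evaluation is complete; no further calls are needed
    }
}
```

With this policy in place, a caller authenticated as "bob" passes the check on Log() but is rejected by the "admin" check on GetLog().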

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Adarsh Chaurasia (Consultant|Mentor|Tech Savvy)
Software Developer (Senior)
India
I have 4.6+ years of experience in SaaS, SOA based Enterprise Web Application design and development using Microsoft technology stack. I have mostly worked on Business layer, Data access layer, WCF, Entity Framework, Microsoft Application Blocks, Search engines, APIs integration, Third party APIs/Product Research & Development.
 
I am a huge fan of Design Patterns. I also work as Software Consultant. I read/write blogs, help and learn from other developers.
Last Updated 14 Feb 2014
Article Copyright 2014 by Adarsh Chaurasia (Consultant|Mentor|Tech Savvy)