Posted 13 Feb 2014

How to Implement Custom Role Based Authorization for My WCF Service Operations


You can implement this with a custom attribute that acts as both an operation behavior and a parameter inspector. Create the attribute as shown below:


    using System;
    using System.Net;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Description;
    using System.ServiceModel.Dispatcher;
    using System.ServiceModel.Web;
    using System.Threading;

    public class CustomMembershipAuthorization : Attribute, IOperationBehavior, IParameterInspector
    {
        public string AllowedRole { get; set; }

        public CustomMembershipAuthorization() { }

        public CustomMembershipAuthorization(string allowedRole)
        {
            AllowedRole = allowedRole;
        }

        // Register this attribute as a parameter inspector so BeforeCall() runs on the service side.
        public void ApplyDispatchBehavior(OperationDescription operationDescription, DispatchOperation dispatchOperation)
        {
            dispatchOperation.ParameterInspectors.Add(this);
        }

        public void AfterCall(string operationName, object[] outputs, object returnValue, object correlationState) { }

        // Runs before the operation body; rejects callers that are not in AllowedRole.
        public object BeforeCall(string operationName, object[] inputs)
        {
            if (!Thread.CurrentPrincipal.IsInRole(AllowedRole))
            {
                if (WebOperationContext.Current != null)
                    WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Unauthorized;

                throw new WebFaultException<string>("Unauthorized", HttpStatusCode.Unauthorized);
            }
            return null;
        }

        public void AddBindingParameters(OperationDescription operationDescription, BindingParameterCollection bindingParameters) { }

        public void ApplyClientBehavior(OperationDescription operationDescription, ClientOperation clientOperation) { }

        public void Validate(OperationDescription operationDescription) { }
    }


Use the above defined custom attribute with your operation contract as below:

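    [ServiceContract]
    public interface IMyService
    {
        // "ROLE_NAME" is a placeholder; pass the role that may call each operation.
        [OperationContract, CustomMembershipAuthorization("ROLE_NAME")]
        bool Log(MyLog req);
        [OperationContract, CustomMembershipAuthorization("ROLE_NAME")]
        MyLog GetLog(string logId);
    }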

In the BeforeCall() method of the CustomMembershipAuthorization class, you can modify the code as per your requirement. Here, you can verify if the user belongs to the role which is allowed to access the operation.

Please refer to How to implement simple custom membership provider for details of how to authenticate the user using custom username and password.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Adarsh Chaurasia - Enjoying Full Stack Development
Last Updated 14 Feb 2014
Article Copyright 2014 by Adarsh Chaurasia - Enjoying Full Stack Development