Reputation: 226
What's the most elegant way to verify access rights on a method (C#.Net)
I have a WebService built in WCF (C#.Net) that contains dozens of methods. On every methods, I wan't to validate if the current user has access to this particular action.
Right now, I have something like this :
public MyContract MyMethod(int MyParameter)
{
ValidateAccess(MyCurrentIdentityInfo, ActionEnum);
// Do stuff here...
}
public void MyMethod2(int MyParameter)
{
ValidateAccess(MyCurrentIdentityInfo, ActionEnum);
// Do stuff here...
}
etc...
You'll notice that I call a method at the beginning to check the access rights and then, do the code I need. This code works fine, but I have to call this method on every method in my service and I don't find it pretty.
Is there a more elegant way to acheive what I'm trying to do? I tried using a custom attribute but didn't succeed.
Note that I'm NOT trying to authenticate the user on the WebService itself. In the exemple above, the user would be valid on the WebService. But I'd like to run a custom code to check if he can call a method that deletes a record for instance.
Upvotes: 4
Views: 152
Answers (1)
Reputation: 923
You can think to use Castle Dynamic Proxy to inject the validation of the operation on the logged user.
Upvotes: 1
Related Questions
- How to secure authorization of methods
- Is there a simpler way to check user permissions against a method input?
- Checking clients and the methods they are allowed to access outside of the method?
- asp.net web services(.asmx) authorization for particular method
- How to forbid calling a method C#
- How to make sure security for Webservice?
- role based access to methods
- Assert Permissions in C#
- Is there a way to only expose a certain web method in a .Net Web Service to a particular user/group?
- How authenticate web methods in a web service?