How to secure a complete WCF service with PrincipalPermission's

Question

I have a WCF service binding with netTcp with over 100 methods, I would like to secure all the methods based on a Windows User Group.

I know you can put the attribute [PrincipalPermission(SecurityAction.Demand, Role = "MyWindowsUserGroup")] before each method.

Do I need to do this individually for every single method or is there a way to have every method in the service secured with this same user group by default?

Answer 1

You can add PrincipalPermission at class level as well as method.

// Before:
public class AdministrationService : IAdminService
{
   [PrincipalPermission(SecurityAction.Demand, Role = "Domain\Admin Service Admins")]
   public bool DisableAdministrator(int userId)
   {
   }

   [PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
   public bool DeleteAdministrator(int userId)
   {
   }
}

// After:

[PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
public class AdministrationService : IAdminService
{
   public bool DisableAdministrator(int userId)
   {
   }

   public bool DeleteAdministrator(int userId)
   {
   }
}

You can also define multiple instances of it, if you wish to have multiple types of permissions.

[PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
[PrincipalPermission(SecurityAction.Demand, Role = "Domain\Domain Admins")]
[PrincipalPermission(SecurityAction.Demand, Role = "Domain\Power Users")]
public class AdministrationService : IAdminService
{
   public bool DisableAdministrator(int userId)
   {
   }

   public bool DeleteAdministrator(int userId)
   {
   }
}