CODEWITHSUNDEEP
.netwcf
Dmitry Sadakov
Dmitry Sadakov

Reputation: 2158

Does WCF have an equivalent of MVC's [Authorize] attribute?

I want to decorate certain Operation Contracts with an attribute to authorize the caller by custom logic, something like this:

[ServiceBehavior]
public class Service1
{
    [OperationContract]
    [Authorize] // ?? this should make sure only admins can call this method
    public List<SampleItem> GetCollection()
    {
        return new List<SampleItem>() { new SampleItem("Only Admins see me") };
    }
}

The [Authorize] should check if the caller is entitled to call this operation; if not - it should return an error fault.

Thanks.

Upvotes: 11

Views: 11502

Answers (3)

marc_s
marc_s

Reputation: 754408

Not out of the box - but WCF top-guru Juval Löwy had a very interesting article in MSDN Magazine about Declarative WCF Security which goes in the same direction.

Juval identified several key security scenarios, and wrapped each of them up into a WCF service behavior to be applied as an attribute on your service class on the server side. Quite an interesting read indeed !

Upvotes: 21

CodingWithSpike
CodingWithSpike

Reputation: 43708

In my WCF application, I've largely overrided all the default authentication and authorization stuff, and I use some custom processing of the PrincipalPermissionAttribute to check my custom security permissions.

I have some code snippits of how I did this in this post: .NET Declarative Security: Why is SecurityAction.Deny impossible to work with?

Upvotes: 2

Ladislav Mrnka
Ladislav Mrnka

Reputation: 364259

WCF doesn't have any special attribute for this purpose but you can use PrincipalPermissionAttribute - common approach for declarative role-based security in .NET.

Upvotes: 3

Related Questions