Rich S

Reputation: 3453

WCF PrincipalPermission with roles, configuring for sub-methods

I want to keep this as simple as possible, so I'm not posting any code, as it will probably just confuse things.

I have implemented security in my application using WCF's role based authorisation.

Assume that I have 4 methods on my publicly exposed interface

I have attached the

[PrincipalPermission(SecurityAction.Demand,Role="POWERUSER")]

to the first 3, and the

[PrincipalPermission(SecurityAction.Demand,Role="GENERALUSER")]

to the final one.

This works fine, and prevents a 'GENERALUSER' from accessing the first 3 methods.

However, the method GetSurnameAndForename internally calls the GetPerson method, which fails. I understand why it fails, but is there a preferred way to allow GetSurnameAndForename to call GetPerson without having the POWERUSER role?

The only way I can think of doing this is adding an extra check in the IsInRole method to check the CallStack to see if this call has come from an internal method or an external call. This solution works, but it's not very elegant.

Upvotes: 1

Views: 1643

Answers (2)

Oliver Weichhold

Reputation: 10296

Crisscrossing boundaries secured with Principal Permission Attributes is a recipe for disaster.

Upvotes: 2

Ladislav Mrnka

Reputation: 364259

Yes, there is a very easy solution. Wrap the logic offered by GetPerson in a private method and call that new method from both GetPerson and GetSurnameAndForename.

Upvotes: 3
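
The refactoring described in the answer above, as an added example (not code from the question or either answer). It assumes .NET Framework, where declarative PrincipalPermission demands are enforced against Thread.CurrentPrincipal; Person, PersonService, LoadPerson, the Notes field and the sample data are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical record type; the question does not show its own.
public class Person { public string Forename; public string Surname; public string Notes; }

public class PersonService
{
    // POWERUSER-only entry point: returns the full record.
    [PrincipalPermission(SecurityAction.Demand, Role = "POWERUSER")]
    public Person GetPerson(int id) { return LoadPerson(id); }

    // GENERALUSER entry point: calls the private helper instead of GetPerson,
    // so the POWERUSER demand is never evaluated on this path.
    [PrincipalPermission(SecurityAction.Demand, Role = "GENERALUSER")]
    public string GetSurnameAndForename(int id)
    {
        Person p = LoadPerson(id);
        return p.Surname + ", " + p.Forename; // expose only the two intended fields
    }

    // No attribute and private: not reachable from outside the class, so the
    // demand on each public caller is the only authorization gate.
    private static Person LoadPerson(int id)
    {
        return new Person { Forename = "Ada", Surname = "Example", Notes = "internal" }; // constructed data
    }
}

public static class Program
{
    public static void Main()
    {
        // Simulate an authenticated caller that holds only GENERALUSER.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("alice"), new[] { "GENERALUSER" });

        var svc = new PersonService();
        Console.WriteLine(svc.GetSurnameAndForename(1));

        try { svc.GetPerson(1); }
        catch (SecurityException) { Console.WriteLine("GetPerson denied for GENERALUSER"); }
    }
}
```

Because the helper returns the whole record, each public method decides what leaves the service; keep the helper private so no unattributed path to it can be exposed on the contract.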
