Restrict WCF Web Service functionality based on User Group
<p>I have a WCF Web Service which is consumed by a C# client application. I also have 4 groups stored in Active Directory. The client application passes user credentials to connect to this web service.</p>
<p>The web service exposes multiple APIs or methods to be accessed by the client application, as follows:</p>
<pre><code>[OperationContract]
bool Read();

[OperationContract]
bool Write();
</code></pre>
<p>The Read() method should be accessible to all clients.</p>
<p>The Write() method should be accessible only to users who belong to a specific Windows user group maintained by Active Directory.</p>
<p>Question: How can we filter or restrict an exposed interface or method by client based on its user group maintained in AD?</p>
<hr>
<p>jrista, thanks for your reply. I tried the same directives as PrincipalPermission, as follows:</p>
<pre><code>[PrincipalPermission(SecurityAction.Demand, Role = "Readers")]
[OperationContract]
bool Read();

[PrincipalPermission(SecurityAction.Demand, Role = "Writers")]
[OperationContract]
bool Write();
</code></pre>
<p>But it does not work. Read group user is also able to call the Writer() method and Writer group user is also able to call the Write() method.</p>
<p>One thing I want to tell you is that I'm using BasicHttpBind in my web.config file as follows:</p>
<pre><code>&lt;system.serviceModel&gt;
  &lt;bindings&gt;
    &lt;basicHttpBinding&gt;
      &lt;binding name="BasicHttpBind"&gt;
        &lt;security mode="TransportCredentialOnly"&gt;
          &lt;transport clientCredentialType="Windows" proxyCredentialType="Windows" /&gt;
        &lt;/security&gt;
      &lt;/binding&gt;
    &lt;/basicHttpBinding&gt;
  &lt;/bindings&gt;
  &lt;services&gt;
    &lt;service name="DXDirectory.DXDirectoryService" behaviorConfiguration="DXDirectory.Service1Behavior"&gt;
      &lt;!-- Service Endpoints --&gt;
      &lt;endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBind" name="BasicBinding" contract="DXDirectory.IDXDirectoryService"&gt;
        &lt;!-- Upon deployment, the following identity element should be removed or replaced to reflect the identity under which the deployed service runs. If removed, WCF will infer an appropriate identity automatically. --&gt;
        &lt;identity&gt;
          &lt;dns value="localhost" /&gt;
        &lt;/identity&gt;
      &lt;/endpoint&gt;
    &lt;/service&gt;
  &lt;/services&gt;
  &lt;behaviors&gt;
    &lt;serviceBehaviors&gt;
      &lt;behavior name="DXDirectory.Service1Behavior"&gt;
        &lt;!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --&gt;
        &lt;serviceMetadata httpGetEnabled="true" /&gt;
        &lt;!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --&gt;
        &lt;serviceDebug includeExceptionDetailInFaults="false" /&gt;
        &lt;serviceAuthorization principalPermissionMode="UseWindowsGroups"/&gt;
      &lt;/behavior&gt;
    &lt;/serviceBehaviors&gt;
  &lt;/behaviors&gt;
&lt;/system.serviceModel&gt;
</code></pre>
<p>Is it required to implement wsHttpBinding for this functionality? If yes, then how can I implement wsHttpBinding in my Web Service?</p>
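An added example, not part of the original post: `PrincipalPermission` demands are enforced on the methods of the service implementation class, not on the contract interface, so this sketch moves the check there while keeping the posted `principalPermissionMode="UseWindowsGroups"` setting. The type names come from the posted config; the group name `CONTOSO\Writers` and the helper `DemandWriter` are assumptions for illustration.

```csharp
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;

namespace DXDirectory
{
    [ServiceContract]
    public interface IDXDirectoryService
    {
        [OperationContract] bool Read();
        [OperationContract] bool Write();
    }

    public class DXDirectoryService : IDXDirectoryService
    {
        // Placeholder (assumption): replace with the real DOMAIN\Group from AD.
        private const string WritersGroup = @"CONTOSO\Writers";

        // No demand here: every authenticated Windows caller may read.
        public bool Read()
        {
            return true;
        }

        // Declarative check on the implementation method. With UseWindowsGroups,
        // Thread.CurrentPrincipal is the caller's WindowsPrincipal, so Role is
        // matched against Windows group membership; a caller outside the group
        // gets a SecurityException before the method body runs.
        [PrincipalPermission(SecurityAction.Demand, Role = WritersGroup)]
        public bool Write()
        {
            return true;
        }

        // Imperative alternative for checks that depend on runtime data:
        // reads the caller identity from the WCF security context directly.
        internal static void DemandWriter()
        {
            ServiceSecurityContext ctx = ServiceSecurityContext.Current;
            WindowsIdentity caller = ctx == null ? null : ctx.WindowsIdentity;
            if (caller == null || caller.IsAnonymous ||
                !new WindowsPrincipal(caller).IsInRole(WritersGroup))
            {
                throw new FaultException("Access denied.");
            }
        }
    }
}
```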