StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
1332492
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2009-08-26T05:22:34.543
FavoriteCount
0
LastActivityDate
2009-08-26T05:22:34.543
LastEditDate
LastEditorUserId
0
OwnerUserId
13302
ParentId
1330995
PostTypeId
2
Score
10
ViewCount
0
LastEditorDisplayName
text
Body
You need to two keep concepts apart: <ul> <li>AUTHENTICATION is the process of determining who it is that's calling you, and making sure he really is who he claims to be; this can be done using username/password, Windows credentials (he had already authenticated himself to his Windows box through logging on), or by requiring the caller to have some information (certificate)</li> <li>AUTHORIZATION is the process - once you know who is calling you, to determine what that caller can do (or what he cannot do)</li> </ul> In order to use Active Directory groups, you need to use a security mode in WCF that supports Windows credentials. The easiest is to use Windows credentials from the beginning, which is the default for wsHttpBinding and netTcpBinding - in this case, the caller will always pass along his Windows credentials with every call, and you can inspect those on the server side by looking at the <code>ServiceSecurityContext.Current.WindowsIdentity</code>: <pre><code>WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity; </code></pre> This works well in an Intranet scenario - everyone is behind a corporate firewall and authenticated on their machines anyway. In order to enable this, just use wsHttp or netTcp binding (I'd recommend netTcp in this case). The other slightly more complicated case is when you have your client present a X.509 certificate, and you then map that on the server side to an existing AD user in your network. That's rather advanced, however. Once your caller is authenticated, e.g. you know who is calling, you can use the regular role-based security model to limit privileges. Just add <code>[PrincipalPermission(....)]</code> attributes to your methods that you want to protect, and if the user doesn't match any of those requirements, a security exception will the thrown and the method will not be executed. <pre><code> [PrincipalPermission(SecurityAction.Demand, Role = "Administrators")] [PrincipalPermission(SecurityAction.Demand, Name = "JohnDoe")] public string SayHello(string caller) { ...... } </code></pre> You can have multiple of those "PrincipalPermission" attributes, and they're matched together in an "OR"-fashion - if any one of them matches the current caller, he'll be allowed to make the call. Check out page 4 of this article <a href="http://www.code-magazine.com/article.aspx?quickid=0611051&page=4" rel="noreferrer">Fundamentals of WCF Security</a> for more details on how to use role-based security. Marc
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POWCF Web Service Authentication based on AD groups
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USmarc_s
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.