I want to implement WCF authentication by username and password. After that, I want to make custom attributes for services to restrict access by username. For example, if the authenticated username is User, restrict access to delete; if moderator, allow it. How do I do that, and what are the best practices?
1 Answer
What you need is:
- Custom user name password validator or membership provider to authenticate your users
- Role based security or custom service authorization manager where you get
You can also think about using roles and assigning users to roles outside of your service - it will simplify authorization once you need multiple users to do the same thing.
5 Comments
croisharp
If I want to restrict access to some services without changing the implementation of the service? I mean to make a custom attribute, but is it possible to create cookies and check by cookie if the user is an admin or a simple user?
Ladislav Mrnka
You need a custom service authorization manager, which can be assigned from the configuration file.
croisharp
Can I know what is the username of the authenticated user that requires a service?
Ladislav Mrnka
Try
operationContext.ServiceSecurityContext.PrimaryIdentity.Name
croisharp
Can I use NetSqlAzMan as an authorization manager and membership provider?
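A sketch of the custom service authorization manager suggested in the answer, using the identity lookup from the comments. This is an added example, not code from the original thread; the class name, namespace and assembly placeholders, action URIs, user names and in-memory role map are all hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;

// Register on the service behavior in config (placeholder type and assembly names):
// <serviceAuthorization serviceAuthorizationManagerType="MyNamespace.RoleAuthorizationManager, MyAssembly" />
public class RoleAuthorizationManager : ServiceAuthorizationManager
{
    // Constructed sample data; a real service would query its role store.
    private static readonly Dictionary<string, string> RoleByUser =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", "Moderator" },
            { "bob", "User" }
        };

    // SOAP action -> roles allowed to call it (hypothetical action URIs).
    private static readonly Dictionary<string, string[]> AllowedRolesByAction =
        new Dictionary<string, string[]>(StringComparer.Ordinal)
        {
            { "http://example.test/IItemService/Get", new[] { "User", "Moderator" } },
            { "http://example.test/IItemService/Delete", new[] { "Moderator" } }
        };

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        ServiceSecurityContext security = operationContext.ServiceSecurityContext;

        // No security context or an anonymous caller: deny.
        if (security == null || security.IsAnonymous ||
            !security.PrimaryIdentity.IsAuthenticated)
            return false;

        string userName = security.PrimaryIdentity.Name;
        string action = operationContext.IncomingMessageHeaders.Action;

        // Deny by default: unknown users and unlisted actions are rejected.
        string role;
        string[] allowedRoles;
        if (!RoleByUser.TryGetValue(userName, out role))
            return false;
        if (action == null || !AllowedRolesByAction.TryGetValue(action, out allowedRoles))
            return false;

        return Array.IndexOf(allowedRoles, role) >= 0;
    }
}
```

When CheckAccessCore returns false, WCF rejects the call with an access-denied fault before the operation runs, so the service implementation itself stays unchanged.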