2

I have a WCF service that must be called by some Active Directory user.

How can I restrict the allowed callers for that WCF service to a specific AD group?

1 Answer

5

Since you appear to be using Windows authentication, you will be able to use the Active Directory groups and membership of your users inside those groups to restrict the usage of service methods.

With this, you can then use declarative syntax to limit callers to certain groups:

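```csharp
using System.Security.Permissions;
using System.ServiceModel;

[ServiceContract]
interface IMyService
{
    [OperationContract]
    string MethodLimitedToGroup(string someInput);
}

class MyService : IMyService
{
    // The demand goes on the implementing method; it is not enforced from the interface.
    [PrincipalPermission(SecurityAction.Demand, Role = "YourCustomRole")]
    public string MethodLimitedToGroup(string someInput) { return someInput; }
}
```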

Anyone who is not a member of the group you specified and tries to call this method will receive a SecurityException - but nothing else.

Is that what you're looking for?


3 Comments

Yes, this is what I'm looking for, but I don't understand the relation between ASP.NET and Active Directory. How is the ASP.NET role provider aware of Active Directory user groups?
@Nim: sorry, my bad - I got mixed up; in WCF services, you don't require anything else. Using Windows credentials for authentication ought to also provide this functionality to restrict access to methods to certain groups.
If your role name comes from a config file, then you cannot use the declarative syntax, as attribute values can only be compile-time constants. In that case, use the imperative code equivalent.
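
The imperative form mentioned in the last comment, as an added example that is not code from the answer or the comments. It assumes .NET Framework, a hypothetical `AllowedCallerGroup` appSettings key, and constructed `MYDOMAIN\...` names; `Main` swaps in a `GenericPrincipal` for the Windows caller so the check can be run without hosting the service.

```csharp
using System;
using System.Configuration;            // needs a reference to System.Configuration
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public class MyService   // implements IMyService in the real service
{
    // Hypothetical appSettings key; its value would be e.g. "MYDOMAIN\ServiceCallers".
    const string GroupSetting = "AllowedCallerGroup";

    public string MethodLimitedToGroup(string someInput)
    {
        DemandGroup(ConfigurationManager.AppSettings[GroupSetting]);
        return "ok: " + someInput;
    }

    // Imperative equivalent of [PrincipalPermission(SecurityAction.Demand, Role = ...)].
    public static void DemandGroup(string group)
    {
        // A null role makes PrincipalPermission accept any authenticated caller,
        // so a missing or empty setting must fail closed.
        if (string.IsNullOrWhiteSpace(group))
            throw new SecurityException("Allowed caller group is not configured.");
        new PrincipalPermission(null, group).Demand();   // checks Thread.CurrentPrincipal
    }
}

public static class Demo
{
    static string Try(string group)
    {
        try { MyService.DemandGroup(group); return "allowed"; }
        catch (SecurityException) { return "denied"; }
    }

    public static void Main()
    {
        // Constructed principal standing in for the Windows caller WCF supplies.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity(@"MYDOMAIN\alice"), new[] { @"MYDOMAIN\ServiceCallers" });

        Console.WriteLine(Try(@"MYDOMAIN\ServiceCallers"));  // caller is in this group
        Console.WriteLine(Try(@"MYDOMAIN\Admins"));          // caller is not in this group
        Console.WriteLine(Try(null));                        // setting missing from config
    }
}
```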
