开发者

Custom PrinciplePermission Authentication

开发者 https://www.devze.com 2023-01-29 09:53 出处:网络
Our system uses a custom roles, and authentication system to Authenticate users. I am now looking into the service side validation/security.

Our system uses a custom roles, and authentication system to Authenticate users.

I am now looking into the service side validation/security. I want implement our custom Authentication, Authorization on the wcf too.

I have done some investigation, it looks like I could use t开发者_运维技巧he PrinciplePermission attribute on the contracts to allow/deny access. The default just calls the IsInRole method on the IPrinciple and the IsAuthenticated on the IIdentity.

So I have 2 questions:

  1. How do implement my own custom principle which has additional data/methods?
  2. How do I add addition checks to the PrinciplePermissions? e.g (IsExternal which will check if they are accessing the service from the intranet or internet [have a mechanism to monitor this already])

Thanks


After some experimenting I came up with a custom written solution:

I based my solution in Kyle McClellan's Authorisation Sample. I adapted the attributes to look at a custom class to retrieve the user.

To get around the async problem I loaded the user and his relevant data in the App.xaml prior to instantiating the MainPage, I then make use of a global singleton, which I called SecurityContext, to access user data.

The SecurityContext is an in-memory store of the user data that can be accessed clientside.

0

精彩评论

暂无评论...
验证码 换一张
取 消