c# - Allow anonymous access to a single WCF service method -


i have wcf service message security , username credentials. of methods starting 

[principalpermission(securityaction.demand, role = conststrings.roles.admin)]

and these methods supposed called authenticated users.

i want add method called anonymous, receive error:

the username not provided. specify username in clientcredentials.

i loking similar mvc's [allowanonymous] attribute

one option implement own serviceauthorizationmanager , use own custom attribute rather principalpermission

basically, have inherit serviceauthorizationmanager. plug wcf pipeline adding following configuration web.config (assuming class called 'customauthorizationmanager' in org.namespace namespace.

<behaviors>   <servicebehaviors>     <behavior>       <!-- avoid disclosing metadata information, set value below false , remove metadata endpoint above before deployment -->       <servicemetadata httpgetenabled="true" />       <!-- receive exception details in faults debugging purposes, set value below true.  set false before deployment avoid disclosing exception information -->       <servicedebug includeexceptiondetailinfaults="true" />       <!--<serviceauthorization impersonatecallerforalloperations="true" />-->       <serviceauthorization serviceauthorizationmanagertype="org.namespace.customauthorizationmanager, org.namespace" />     </behavior>   </servicebehaviors> </behaviors>

in custom authorization class, have override checkaccesscore method shown below. in there can check custom attribute you've created (this ordinary .net attribute create whatever properties want).

    protected override bool checkaccesscore(operationcontext operationcontext)     {         string action = operationcontext.incomingmessageheaders.action;         dispatchoperation operation = operationcontext.endpointdispatcher.dispatchruntime.operations.firstordefault(o => o.action == action);         type hosttype = operationcontext.host.description.servicetype;         methodinfo method = hosttype.getmethod(operation.name);         var mycustomattributeonmethod = method.getcustomattributes(true).where(a => a.gettype() == typeof (mycustomattribute)).cast<mycustomattribute>();     .     .     .     }

now can inspect custom attribute , perform functions see fit. example, if custom attribute's "allowanonymous" flag set, might skip role check. otherwise, might user's windows identity , check in particular role.

and of course need decorate relevant methods custom attribute rather principalpermission.

to summarize, doing decorating methods own ordinary custom .net attribute provides information. i.e method allows anonymous, method requires role etc. etc. update web.config file tell wcf use own service authorization manager. implement own service authorization manager access method being called, inspect it's custom attribute , "yay" or "nay" accordingly.


Comments

Post a Comment

Popular posts from this blog

Android layout hidden on keyboard show -

i have strange problem layout. when tap on edittext , keyboard shown edittext stay on bottom , when tap on to hide keyboard , keyboard hides , edittext go should when want input text. when tap again, keyboard shown , edittext goes down behind keyboard... <relativelayout android:layout_width="match_parent" android:layout_height="match_parent" > <scrollview android:layout_width="match_parent" android:layout_height="fill_parent" android:above="@+id/rl_commands"> <textview android:layout_width="match_parent" android:layout_height="wrap_content"/> </scrollview> <relativelayout android:layout_width="match_parent android:layout_height="24dp" android:id="@+id/rl_commands" android:alignparentbottom="true">
Read more

google app engine - 403 Forbidden POST - Flask WTForms -

i have flask application running on google app engine. trying submit form built using wtform , keep getting following error. 403 forbidden: don't have permission access requested resource. either read-protected or not readable server. location.html (part of code) <form method=post action="/home/location"> .... <button type="submit" class="btn btn-primary" value="submit"> directions </button> </form> main.py @app.route('/home/location', methods=['post', 'get']) def location(): form = cfcdirections.direction(request.form) print(request.method) if request.method == 'post' , form.validate(): print("after if") directions = cfcdirections() street_no = directions.no street = directions.street suburb = directions.suburb postcode = directions.postcode
Read more

c - Why would PK11_GenerateRandom() return an error -8023? -

i looking through internet trying find source of pk11_generaterandom() function see why function fail. have program uses function when moved new flavor of linux, fails after forking ( fork() ) since not believe there problem nss, suspect doing incorrectly disregarded in older versions of linux new 1 there issue. the openssl package same on 'good' , 'bad' server: openssl 0.9.8e-fips-rhel5 01 jul nss rpm differs though. 'good' has nss-3.12.2.0-2.el5 and bas has version nss-3.15.3-4.el5_10 the 'good' server uses quite obsolete linux: linux 2.6.18-128.el5 #1 smp wed jan 21 08:45:05 est 2009 x86_64 x86_64 x86_64 gnu/linux enterprise linux enterprise linux server release 5.3 (carthage) red hat enterprise linux server release 5.3 (tikanga) the 'bad' server newer: linux bad 2.6.18-371.4.1.el5 #1 smp wed jan 29 11:05:49 pst 2014 x86_64 x86_64 x86_64 gnu/linux oracle linux server release 5.10 red hat enterprise linux server release
Read more