c# - Allow anonymous access to a single WCF service method
I have a WCF service with message security and username credentials. The methods start with
[PrincipalPermission(SecurityAction.Demand, Role = ConstStrings.Roles.Admin)]
and these methods are supposed to be called by authenticated users.
I want to add a method that can be called anonymously, but I receive this error:
The username is not provided. Specify username in ClientCredentials.
I am looking for something similar to MVC's [AllowAnonymous] attribute.
One option is to implement your own ServiceAuthorizationManager and use your own custom attribute rather than PrincipalPermission.
Basically, you have to inherit from ServiceAuthorizationManager. You plug it into the WCF pipeline by adding the following configuration to web.config (assuming the class is called 'CustomAuthorizationManager' in the Org.Namespace namespace):
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true" />
          <!--<serviceAuthorization impersonateCallerForAllOperations="true" />-->
          <serviceAuthorization serviceAuthorizationManagerType="Org.Namespace.CustomAuthorizationManager, Org.Namespace" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
In your custom authorization class, you have to override the CheckAccessCore method as shown below. In there you can check for the custom attribute you've created (this is an ordinary .NET attribute, so create whatever properties you want).
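    // Requires: using System.Linq; using System.Reflection;
    //           using System.ServiceModel; using System.ServiceModel.Dispatcher;
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // Find the operation being invoked from the SOAP action of the incoming message.
        string action = operationContext.IncomingMessageHeaders.Action;
        DispatchOperation operation = operationContext.EndpointDispatcher.DispatchRuntime.Operations.FirstOrDefault(o => o.Action == action);
        if (operation == null) return false; // no matching operation: deny

        // Resolve the service method and read the custom attribute placed on it.
        Type hostType = operationContext.Host.Description.ServiceType;
        MethodInfo method = hostType.GetMethod(operation.Name);
        var myCustomAttributeOnMethod = method.GetCustomAttributes(true).Where(a => a.GetType() == typeof(MyCustomAttribute)).Cast<MyCustomAttribute>();
        . . .
    }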
Now you can inspect the custom attribute and perform whatever functions you see fit. For example, if the custom attribute's "AllowAnonymous" flag is set, you might skip the role check. Otherwise, you might get the user's Windows identity and check that they are in a particular role.
And of course you need to decorate the relevant methods with your custom attribute rather than PrincipalPermission.
To summarize, what you are doing is decorating your methods with your own ordinary custom .NET attribute, which provides information, i.e. this method allows anonymous, this method requires this role, etc. You update the web.config file to tell WCF to use your own service authorization manager. You implement your own service authorization manager to access the method being called, inspect its custom attribute and say "yay" or "nay" accordingly.
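A complete version of the authorization manager outlined in the answer above, as an added example that is not part of the original post. The `AccessAttribute` type, its `AllowAnonymous` and `Role` properties, and the role lookup through `System.Web.Security.Roles` are assumptions; operations that carry no attribute are denied.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Dispatcher;
using System.Web.Security; // assumption: an ASP.NET role provider is configured

namespace Org.Namespace
{
    // Hypothetical attribute: states who may call the decorated operation.
    [AttributeUsage(AttributeTargets.Method)]
    public sealed class AccessAttribute : Attribute
    {
        public bool AllowAnonymous { get; set; }
        public string Role { get; set; }
    }

    public class CustomAuthorizationManager : ServiceAuthorizationManager
    {
        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            string action = operationContext.IncomingMessageHeaders.Action;
            DispatchOperation operation = operationContext.EndpointDispatcher
                .DispatchRuntime.Operations.FirstOrDefault(o => o.Action == action);
            if (operation == null) return false;        // unknown action: deny

            // GetMethod returns null when the contract name differs from the method name.
            MethodInfo method = operationContext.Host.Description.ServiceType
                .GetMethod(operation.Name);
            ServiceSecurityContext ctx = operationContext.ServiceSecurityContext;
            IIdentity caller = (ctx == null || ctx.IsAnonymous) ? null : ctx.PrimaryIdentity;
            return IsAllowed(method, caller, Roles.IsUserInRole);
        }

        // Decision logic kept free of WCF types so it can be unit tested without a host.
        public static bool IsAllowed(MethodInfo method, IIdentity caller,
                                     Func<string, string, bool> isUserInRole)
        {
            if (method == null) return false;
            AccessAttribute rule = method.GetCustomAttributes(typeof(AccessAttribute), true)
                                         .Cast<AccessAttribute>().FirstOrDefault();
            if (rule == null) return false;             // undecorated method: fail closed
            if (rule.AllowAnonymous) return true;       // explicit opt-in to anonymous access
            if (caller == null || !caller.IsAuthenticated) return false;
            return string.IsNullOrEmpty(rule.Role) || isUserInRole(caller.Name, rule.Role);
        }
    }
}
```

Operations are then decorated with `[Access(AllowAnonymous = true)]` or `[Access(Role = ConstStrings.Roles.Admin)]` in place of PrincipalPermission.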