Just learning WCF security, and searched about how to expose only some methods to my client on the basis of authentication/authorization.
1) Like for an admin application, the service should expose all methods. But for a user application the same service should expose some methods.
Or, 2) If an admin is logged in to an application, the service should expose all methods, and the service exposes limited methods if a user of type user (not admin) is logged in to the same application.

I have read http://msdn.microsoft.com/en-us/library/ff405740.aspx but this one is Windows-based authentication/authorization.

donstack

1 Answer

You can't do that when you're defining the Service Contract, but what you can do is split the methods into new services, UserService and AdminService, like this:

[ServiceContract]
public interface IUserService
{
    [OperationContract]
    void DoUserStuff();
}

[ServiceContract]
public interface IAdminService : IUserService
{
    [OperationContract]
    void DoAdminStuff();
}

and, for example, when the user is authenticated, based on his role you can send him the URL of the specific service

[ServiceContract]
public interface IService
{
    [OperationContract]
    string Login(string username, string password); // it returns URL of UserService or AdminService
}
Lukas Kubis
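An added example, not part of the answer above: the URL returned by Login does not restrict access by itself, so the admin endpoint has to check the caller's role on every call. This sketch does that without Windows accounts, assuming the service behavior sets `<serviceAuthorization principalPermissionMode="Custom">` with `RolePolicy` registered under `<authorizationPolicies>`, and that credentials are already validated (for example by a `UserNamePasswordValidator`). `RoleStore`, `RolePolicy` and the role names are hypothetical.

```csharp
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;

// Contracts from the answer above, repeated so the block compiles on its own.
[ServiceContract] public interface IUserService { [OperationContract] void DoUserStuff(); }
[ServiceContract] public interface IAdminService : IUserService { [OperationContract] void DoAdminStuff(); }

// Hypothetical role lookup with constructed sample data; replace with your user store.
public static class RoleStore
{
    public static string[] RolesFor(string userName)
    {
        return userName == "alice" ? new[] { "Admin", "User" } : new[] { "User" };
    }
}

// Runs after authentication and attaches a principal carrying the caller's roles.
// With principalPermissionMode="Custom", WCF uses the "Principal" property set here.
public class RolePolicy : IAuthorizationPolicy
{
    public string Id { get { return "RolePolicy"; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext context, ref object state)
    {
        object obj;
        context.Properties.TryGetValue("Identities", out obj);
        var identities = obj as IList<IIdentity>;
        if (identities == null || identities.Count == 0)
            throw new SecurityException("No authenticated identity"); // fail closed
        IIdentity id = identities[0];
        context.Properties["Principal"] = new GenericPrincipal(id, RoleStore.RolesFor(id.Name));
        return true;
    }
}

// Each operation demands its role, so knowing the admin URL is not enough to call it.
public class AdminService : IAdminService
{
    [PrincipalPermission(SecurityAction.Demand, Role = "User")]
    public void DoUserStuff() { }
    [PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
    public void DoAdminStuff() { }
}
```

A caller without the Admin role who invokes DoAdminStuff is rejected by the demand before the method body runs.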