
I have a WCF service, hosted in a Windows Service, using netTcpBinding, in which I want to check in the C# code whether the sender belongs to a specific AD group.

Is it possible? If so, how?

Joezer
  • It is possible, but the implementation depends on the application topology (for example, how the service is hosted: IIS, Windows Service, console application, etc.; whether the client accesses the service in the same network/domain; whether the Windows authentication is Kerberos or NTLM, etc.). – Ionut Ungureanu May 15 '17 at 09:43
  • @Ionut Ungureanu - Windows Service (updated the question) – Joezer May 15 '17 at 10:07

1 Answer


Well, assuming that the WCF client and server are on the same domain, you could do something like this:

On the client side, you allow the Windows identity to be used to authenticate the client:

    using System.Security.Principal;
    ....
    // Identification level lets the server read the caller's identity and groups
    // without being able to impersonate the caller.
    ServiceReference.ServiceClient client = new ServiceReference.ServiceClient();
    client.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Identification;

On the server side, you retrieve the caller's Windows identity and test whether it belongs to the group:

    // The identity WCF authenticated for the current call (Windows authentication over netTcpBinding).
    WindowsIdentity callerWindowsIdentity = ServiceSecurityContext.Current.WindowsIdentity;
    WindowsPrincipal windowsPrincipal = new WindowsPrincipal(callerWindowsIdentity);
    // A domain group is referenced as @"DOMAIN\GroupName"; "Users" here is the local built-in group.
    var isInRole = windowsPrincipal.IsInRole("Users");
Ionut Ungureanu
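As an added example (not the answer's own code), here is the server-side check from the answer wrapped into a service operation that fails closed: it rejects anonymous or non-Windows callers, resolves the group name to a SID so the comparison does not depend on name casing or a domain alias, and raises a fault if the group cannot be resolved. The contract `IReportService`, the group `DOMAIN\ReportReaders` and the operation name are placeholders for this illustration.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical contract; replace the group constant below with the real AD group.
[ServiceContract]
public interface IReportService
{
    [OperationContract]
    string GetReport();
}

public class ReportService : IReportService
{
    private const string RequiredGroup = @"DOMAIN\ReportReaders"; // placeholder group name

    public string GetReport()
    {
        RequireGroup(RequiredGroup);
        return "report for " + ServiceSecurityContext.Current.WindowsIdentity.Name;
    }

    // Rejects the call unless the caller authenticated with Windows credentials
    // and is a member of the given domain group.
    private static void RequireGroup(string groupName)
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        // Anonymous or non-Windows callers carry no usable WindowsIdentity.
        if (ctx == null || ctx.IsAnonymous || ctx.WindowsIdentity == null)
            throw new FaultException("Windows authentication is required.");

        var principal = new WindowsPrincipal(ctx.WindowsIdentity);

        // Compare by SID rather than by display name.
        SecurityIdentifier groupSid;
        try
        {
            groupSid = (SecurityIdentifier)new NTAccount(groupName).Translate(typeof(SecurityIdentifier));
        }
        catch (IdentityNotMappedException)
        {
            // Fail closed: a group that cannot be resolved must never grant access.
            throw new FaultException("Required group could not be resolved.");
        }

        if (!principal.IsInRole(groupSid))
            throw new FaultException("Access denied.");
    }
}
```

With the host's default `PrincipalPermissionMode` (UseWindowsGroups), the same check can be expressed declaratively with `[PrincipalPermission(SecurityAction.Demand, Role = @"DOMAIN\ReportReaders")]` on the operation.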