1

I create a simple wcf service with webhttpbinding as you can see :

    [OperationContract]
    [WebInvoke(Method = "GET", UriTemplate = "/Data/{data}")]
    string GetData(string data);

and the implementation :

   public string GetData(string value)
        {

                return string.Format("You entered: {0}", value);

        }

I want to create a custom authorization and authentication about 2 weeks but i can't.i googled a lot ,but i can find authentication for wshttpbinding not webhttpbinding .

My recent question that describe main problem :

My authorize custom function in wcf doesn't execute .Should i define it in webconfig?

My CustomAuthorizationPolicy.Evaluate() method never fires

Ehsan Akbar
  • 6,977
  • 19
  • 96
  • 180

1 Answers1

2

You can implement the ServiceAuthorizationManager to provide authorization to your WCF service with webhttpbinding.

Your code could look similar to this:

public class CustomAuthorizationManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        try
        {
            ServiceSecurityContext securityContext = operationContext.ServiceSecurityContext;
            WindowsIdentity callingIdentity = securityContext.WindowsIdentity;

            WindowsPrincipal principal = new WindowsPrincipal(callingIdentity);
            return principal.IsInRole("Administrators");
        }
        catch (Exception)
        {
            return false;
        }
    }
}

Then register your custom ServiceAuthorizationManager in the web.config file:

<serviceBehaviors>
  <behavior name="ServiceBehaviour">
    <serviceMetadata httpsGetEnabled="true"/>
    <serviceAuthorization serviceAuthorizationManagerType="YourNamespace.CustomAuthorizationManager, YourAssemblyName"/>
  </behavior>
</serviceBehaviors>
S.Dav
  • 2,436
  • 16
  • 22