2

I am looking at securing some WCF services using WIF, and have read within the Identity Training Kit from Microsoft, within exercise 1, "Furthermore, you can expect developers to assign conditions via Code Access Security style calls (i.e. decorating via attributes and so on). Both capabilities will require some coding support" (midway through this article: http://channel9.msdn.com/Learn/Courses/IdentityTrainingCourse/WebServicesAndIdentity/WebServicesAndIdentityLab/Exercise-1-Using-Windows-Identity-Foundation-to-Handle-Authentication-and-Authorization-in-a-WCF-Ser )

However I'm unable to find any documentation regarding how to implement a solution that makes use of this decoration approach. I don't really have any need for using the claims within the actual WCF method or business logic, but simply want to use WIF/STS to secure access to the method. Any tips on whether this is the best approach, and how to secure methods using decorations would be appreciated.

agf
hitch

2 Answers

2

I think you can take a look at PostSharp. You can implement your cross-cutting concerns using AOP and then apply them as attributes to decorate your methods. So your checks would be isolated in well-known places and the business methods would have specified in the security attributes the claims required to execute those methods.

Or, for simple cases, you can use this (I think you were referring to these):

[ClaimsPrincipalPermission(SecurityAction.Demand, Operation = "Operation1", Resource = "Resource1")]
DaeMoohn
  • The ClaimsPrincipalPermission was exactly what I was after - not documented well within the WIF samples, but once you know what you're looking for, there is quite a bit of material on the web. – hitch Apr 28 '11 at 01:07
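
Added example, not part of the original answer or of the WIF samples: the attribute only passes its Operation/Resource strings to the configured ClaimsAuthorizationManager, so the decoration needs a deny-by-default manager behind it. The sketch uses the .NET 4.5 namespaces (WIF 1.0 has the equivalent types under Microsoft.IdentityModel.Claims); `OrderService`, the permission claim type and the `Orders:Read` value format are assumptions made for illustration.

```csharp
using System;
using System.IdentityModel.Services;   // ClaimsPrincipalPermissionAttribute
using System.Linq;
using System.Security.Claims;
using System.Security.Permissions;

// Hypothetical service class: the method body contains no claims handling.
public class OrderService
{
    // The demand runs before the body and hands Operation/Resource
    // to the configured ClaimsAuthorizationManager.
    [ClaimsPrincipalPermission(SecurityAction.Demand, Operation = "Read", Resource = "Orders")]
    public string GetOrder(int id)
    {
        return "order " + id;
    }
}

// The base ClaimsAuthorizationManager.CheckAccess returns true for every
// request, so without an override like this the attribute enforces nothing.
public class PermissionClaimAuthorizationManager : ClaimsAuthorizationManager
{
    // Constructed claim type; assumes the STS issues values such as "Orders:Read".
    public const string PermissionClaimType = "http://example.org/claims/permission";

    public override bool CheckAccess(AuthorizationContext context)
    {
        if (context == null || context.Principal == null ||
            context.Principal.Identity == null ||
            !context.Principal.Identity.IsAuthenticated)
            return false;                       // anonymous callers are always denied

        string resource = context.Resource.Select(c => c.Value).FirstOrDefault();
        string action = context.Action.Select(c => c.Value).FirstOrDefault();
        if (string.IsNullOrEmpty(resource) || string.IsNullOrEmpty(action))
            return false;                       // malformed demand: deny

        // WCF's WIF integration also calls CheckAccess once per message, with
        // the endpoint address as resource and the SOAP action as action. This
        // sample lets authenticated callers past that coarse check and leaves
        // the real decision to the attribute demand on the method.
        if (Uri.IsWellFormedUriString(resource, UriKind.Absolute))
            return true;

        return context.Principal.HasClaim(PermissionClaimType, resource + ":" + action);
    }
}
// Registration in app/web.config (type and assembly names are placeholders):
// <system.identityModel><identityConfiguration>
//   <claimsAuthorizationManager type="MyNamespace.PermissionClaimAuthorizationManager, MyAssembly" />
// </identityConfiguration></system.identityModel>
```

A failed demand throws a SecurityException before the method body runs.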
1

You can also implement an IOperationInvoker. Attribute your contract, and implement with a behavior. Spin through the channels and endpoints at startup, reflect on your operations for attributes on the methods and/or parameters to setup your checks. Then apply the checks when the operation is invoked.

There are a couple of good articles around. Though I can only find the one below.

http://msdn.microsoft.com/en-us/magazine/cc163302.aspx

sjz