在我的WCF webservice web.config中,我在serviceBehaviors下面有以下内容:
<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="RoleProvider" />
这允许我使用asp.net角色提供程序并使用以下属性控制对Web服务调用的访问:
[PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
我想知道如何在保留上述配置的同时,再加入如下定义的自定义主体。
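/// <summary>
/// Principal that wraps the caller's identity together with the application
/// roles resolved for it, and exposes the coarse permission checks the service
/// methods use (<see cref="CanEdit"/>, <see cref="CanView"/>).
/// </summary>
public class UserPrincipal : IPrincipal
{
    public const string ROLE_ADMIN = "Admin";
    public const string ROLE_DATAENTRY = "DataEntry";
    public const string ROLE_READONLY = "ReadOnly";

    // Backing field for Identity; the original getter referenced an undeclared
    // "identity" field and the constructor assigned a get-only property.
    private readonly IIdentity identity;
    // Role names are compared ordinally (case-sensitive), the same comparison
    // List<string>.Contains used in the original.
    private readonly HashSet<string> roleList;

    /// <param name="identity">The identity this principal represents.</param>
    /// <param name="roles">Roles the caller belongs to; an empty array yields a principal that satisfies no role check.</param>
    /// <exception cref="ArgumentNullException"><paramref name="identity"/> or <paramref name="roles"/> is null.</exception>
    public UserPrincipal(IIdentity identity, string[] roles)
    {
        if (identity == null)
            throw new ArgumentNullException("identity");
        if (roles == null)
            throw new ArgumentNullException("roles");
        this.identity = identity;
        roleList = new HashSet<string>(roles, StringComparer.Ordinal);
    }

    /// <summary>The identity supplied at construction.</summary>
    public IIdentity Identity
    {
        get { return identity; }
    }

    /// <summary>True when the caller holds <paramref name="role"/>; a null role never matches.</summary>
    public bool IsInRole(string role)
    {
        return role != null && roleList.Contains(role);
    }

    /// <summary>Admin and DataEntry may edit.</summary>
    public bool CanEdit()
    {
        return IsInRole(ROLE_ADMIN) || IsInRole(ROLE_DATAENTRY);
    }

    /// <summary>Anyone who may edit, plus ReadOnly, may view.</summary>
    public bool CanView()
    {
        return CanEdit() || IsInRole(ROLE_READONLY);
    }
}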
然后我想在服务方法中调用CanView和CanEdit。
在WCF服务中,我可以用扩展用户主体替换默认主体吗?
答案 0 :(得分:1)
这是我想出的,以防其他人发现它有用。
Web.config:
<behaviors>
<serviceBehaviors>
<behavior name="customServiceBehaviour">
<serviceAuthorization principalPermissionMode="Custom" >
<authorizationPolicies>
<add policyType="Services.Host.CustomRolesPolicy, Services.Host" />
</authorizationPolicies>
</serviceAuthorization>
</behavior>
</serviceBehaviors>
</behaviors>
CustomRolesPolicy:
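/// <summary>
/// WCF authorization policy that replaces the default principal with a
/// <see cref="UserPrincipal"/> whose roles come from the ASP.NET role provider.
/// It is registered under serviceAuthorization/authorizationPolicies with
/// principalPermissionMode="Custom", so both [PrincipalPermission] demands and
/// the CanEdit/CanView helpers read the roles resolved here.
/// </summary>
public class CustomRolesPolicy : IAuthorizationPolicy
{
    private readonly Guid id = Guid.NewGuid();

    /// <summary>
    /// Resolves the caller's roles and stores the resulting principal in
    /// <c>evaluationContext.Properties["Principal"]</c>.
    /// </summary>
    /// <param name="evaluationContext">The WCF evaluation context; must carry an "Identities" list.</param>
    /// <param name="state">Unused; the policy keeps no per-evaluation state.</param>
    /// <returns>Always true: the policy needs no re-evaluation.</returns>
    /// <exception cref="InvalidOperationException">No client identity is present in the context.</exception>
    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        IIdentity client = GetClientIdentity(evaluationContext);

        // Only consult the role store for an authenticated caller with a usable
        // name; anyone else gets a principal with no roles, so every role demand
        // fails instead of looking up roles for an empty or unverified name.
        string[] roles = new string[0];
        if (client.IsAuthenticated && !string.IsNullOrEmpty(client.Name))
        {
            roles = LookupRoles(client.Name);
        }

        evaluationContext.Properties["Principal"] = new UserPrincipal(client, roles);
        return true;
    }

    public System.IdentityModel.Claims.ClaimSet Issuer
    {
        get { return ClaimSet.System; }
    }

    public string Id
    {
        get { return id.ToString(); }
    }

    /// <summary>Queries the role provider for the roles of <paramref name="userName"/>.</summary>
    /// <returns>The provider's roles, or an empty array when the provider returns null.</returns>
    private static string[] LookupRoles(string userName)
    {
        // NOTE(review): the provider is built and initialized on every evaluation,
        // as in the original; caching one instance would require the provider to
        // be safe for concurrent use, which cannot be confirmed from here.
        var config = new NameValueCollection();
        config.Add("applicationName", "/application_name");
        config.Add("connectionStringName", "APPSEC_ASPNET");
        var roleProvider = new CustomRoleProvider();
        roleProvider.Initialize("CustomRoleProvider", config);
        return roleProvider.GetRolesForUser(userName) ?? new string[0];
    }

    /// <summary>Returns the first identity WCF placed in the context's "Identities" property.</summary>
    /// <exception cref="InvalidOperationException">The property is absent, of another type, or empty.</exception>
    private static IIdentity GetClientIdentity(EvaluationContext evaluationContext)
    {
        object obj;
        if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
            throw new InvalidOperationException("No Identity found");
        var identities = obj as IList<IIdentity>;
        if (identities == null || identities.Count == 0)
            throw new InvalidOperationException("No Identity found");
        return identities[0];
    }
}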