Extending IPrincipal in a WCF service with the UseAspNetRoles principal permission mode

Time: 2014-03-03 07:03:43

Tags: c# asp.net wcf iis

In the web.config of my WCF web service I have the following under serviceBehaviors:

<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="RoleProvider" />

This lets me use the asp.net role provider and control access to web service calls with the following attribute:

[PrincipalPermission(SecurityAction.Demand, Role = "Admin")]

I would like to know how to use the above and also include a custom principal defined as follows.

using System.Collections.Generic;
using System.Security.Principal;

public class UserPrincipal : IPrincipal
{
    // The identity handed to the constructor; the original getter referenced
    // a field that was never declared, so it is stored explicitly here.
    private readonly IIdentity identity;
    private readonly List<string> roleList;

    public const string ROLE_ADMIN         = "Admin";
    public const string ROLE_DATAENTRY     = "DataEntry";
    public const string ROLE_READONLY      = "ReadOnly";

    public UserPrincipal(IIdentity identity, string[] roles)
    {
        this.identity = identity;
        // A null role array yields a principal with no roles rather than a crash.
        roleList = new List<string>(roles ?? new string[0]);
    }

    public IIdentity Identity
    {
        get { return identity; }
    }

    // Called by PrincipalPermission demands as well as by the helpers below.
    public bool IsInRole(string role)
    {
        return roleList.Contains(role);
    }

    // Admin and DataEntry may edit.
    public bool CanEdit()
    {
        if (IsInRole(ROLE_ADMIN))
            return true;
        else if (IsInRole(ROLE_DATAENTRY))
            return true;
        else
            return false;
    }

    // Admin, DataEntry and ReadOnly may view.
    public bool CanView()
    {
        if (IsInRole(ROLE_ADMIN))
            return true;
        else if (IsInRole(ROLE_DATAENTRY))
            return true;
        else if (IsInRole(ROLE_READONLY))
            return true;
        else
            return false;
    }
}

I then want to use the CanView and CanEdit calls inside the service methods.

In a WCF service, can I replace the default principal with the extended user principal?

1 answer:

Answer 0 (score: 1)

This is what I came up with, in case anyone else finds it useful.

Web.config:

<behaviors>
  <serviceBehaviors>
    <behavior name="customServiceBehaviour">
      <serviceAuthorization principalPermissionMode="Custom">
        <authorizationPolicies>
          <add policyType="Services.Host.CustomRolesPolicy, Services.Host" />
        </authorizationPolicies>
      </serviceAuthorization>
    </behavior>
  </serviceBehaviors>
</behaviors>

CustomRolesPolicy:

    using System;
    using System.Collections.Generic;
    using System.Collections.Specialized;
    using System.IdentityModel.Claims;
    using System.IdentityModel.Policy;
    using System.Security.Principal;

    // Namespace matches the policyType registered in web.config.
    namespace Services.Host
    {
        public class CustomRolesPolicy : IAuthorizationPolicy
        {
            Guid id = Guid.NewGuid();

            public bool Evaluate(EvaluationContext evaluationContext, ref object state)
            {
                // will hold the combined roles
                List<string> roles = new List<string>();

                // get the authenticated client identity
                IIdentity client = GetClientIdentity(evaluationContext);

                // provider settings; a new provider is initialized on every evaluation
                var config = new NameValueCollection();
                config.Add("applicationName", "/application_name");
                config.Add("connectionStringName", "APPSEC_ASPNET");

                var roleProvider = new CustomRoleProvider();
                roleProvider.Initialize("CustomRoleProvider", config);

                roles.AddRange(roleProvider.GetRolesForUser(client.Name));

                // with principalPermissionMode="Custom" WCF picks this up as the caller's principal
                evaluationContext.Properties["Principal"] =
                    new UserPrincipal(client, roles.ToArray());

                return true;
            }

            public ClaimSet Issuer
            {
                get { return ClaimSet.System; }
            }

            public string Id
            {
                get { return id.ToString(); }
            }

            private IIdentity GetClientIdentity(EvaluationContext evaluationContext)
            {
                object obj;
                if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
                    throw new Exception("No Identity found");

                IList<IIdentity> identities = obj as IList<IIdentity>;
                if (identities == null || identities.Count <= 0)
                    throw new Exception("No Identity found");

                return identities[0];
            }
        }
    }
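The following is an added example, not code from the question or the answer, showing how a service implementation can consume the UserPrincipal that CustomRolesPolicy stores. With principalPermissionMode="Custom", WCF takes the object under evaluationContext.Properties["Principal"] and assigns it to Thread.CurrentPrincipal for the duration of the operation, so the declarative PrincipalPermission attribute and the CanView/CanEdit helpers both act on the same principal. The IRecordService contract, the RecordService class and the CurrentUser helper are assumptions made for illustration.

```csharp
using System;
using System.Security.Permissions;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Threading;

// Hypothetical contract used only to illustrate the principal checks.
[ServiceContract]
public interface IRecordService
{
    [OperationContract]
    string ReadRecord(int id);

    [OperationContract]
    void UpdateRecord(int id, string value);

    [OperationContract]
    void PurgeRecords();
}

public class RecordService : IRecordService
{
    // Returns the principal placed on the thread by CustomRolesPolicy.
    // Fails closed: any other principal type means the policy did not run,
    // so the call is refused rather than evaluated against the wrong object.
    private static UserPrincipal CurrentUser()
    {
        var principal = Thread.CurrentPrincipal as UserPrincipal;
        if (principal == null)
            throw new SecurityAccessDeniedException("No UserPrincipal on the current call.");
        return principal;
    }

    // Imperative check through CanView: Admin, DataEntry or ReadOnly may read.
    public string ReadRecord(int id)
    {
        var user = CurrentUser();
        if (!user.CanView())
            throw new SecurityAccessDeniedException("Caller may not view records.");
        return string.Format("record {0} read by {1}", id, user.Identity.Name);
    }

    // Imperative check through CanEdit: Admin or DataEntry may write.
    public void UpdateRecord(int id, string value)
    {
        var user = CurrentUser();
        if (!user.CanEdit())
            throw new SecurityAccessDeniedException("Caller may not edit records.");
        // ... persist the change (omitted) ...
    }

    // Declarative check: the demand calls Thread.CurrentPrincipal.IsInRole, which
    // dispatches to UserPrincipal.IsInRole, so the attribute keeps working in
    // Custom mode. A failed demand surfaces to the client as an access-denied fault.
    [PrincipalPermission(SecurityAction.Demand, Role = UserPrincipal.ROLE_ADMIN)]
    public void PurgeRecords()
    {
        // ... admin-only work (omitted) ...
    }
}
```

Throwing SecurityAccessDeniedException rather than a general exception keeps the response to the caller a plain access-denied fault instead of leaking the reason, and the same principal can also be read through ServiceSecurityContext.Current.AuthorizationContext.Properties["Principal"] if the code path does not run on the operation thread.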