How to protect a complete WCF service with PrincipalPermission

Date: 2015-03-06 09:53:36

Tags: wcf nettcpbinding principalpermission

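I have a WCF service with a netTcp binding that has more than 100 methods, and I want to protect all of the methods based on a Windows user group.

I know that you can put the attribute [PrincipalPermission(SecurityAction.Demand, Role = "MyWindowsUserGroup")] before each method.

Do I need to do this for each method individually, or is there a way to protect every method in the service with the same user group by default?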

1 answer:

Answer 0: (score: 1)

You can add PrincipalPermission at the class level as well as on methods.

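// Before:
using System;
using System.Security.Permissions;

public class AdministrationService : IAdminService
{
   // Verbatim string (@"...") so the backslash in the group name is not read as an escape sequence.
   [PrincipalPermission(SecurityAction.Demand, Role = @"Domain\Admin Service Admins")]
   public bool DisableAdministrator(int userId)
   {
      throw new NotImplementedException(); // implementation goes here
   }

   [PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
   public bool DeleteAdministrator(int userId)
   {
      throw new NotImplementedException(); // implementation goes here
   }
}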

// After:

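// One demand on the class applies to every method in it.
[PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
public class AdministrationService : IAdminService
{
   public bool DisableAdministrator(int userId)
   {
      throw new NotImplementedException(); // implementation goes here
   }

   public bool DeleteAdministrator(int userId)
   {
      throw new NotImplementedException(); // implementation goes here
   }
}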

If you want to have multiple types of permissions, you can also define multiple instances of it.

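// Stacked Demand attributes are combined as a union: membership in any one role satisfies the demand.
// Verbatim strings (@"...") keep the backslash in the group names from being read as an escape sequence.
[PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
[PrincipalPermission(SecurityAction.Demand, Role = @"Domain\Domain Admins")]
[PrincipalPermission(SecurityAction.Demand, Role = @"Domain\Power Users")]
public class AdministrationService : IAdminService
{
   public bool DisableAdministrator(int userId)
   {
      throw new NotImplementedException(); // implementation goes here
   }

   public bool DeleteAdministrator(int userId)
   {
      throw new NotImplementedException(); // implementation goes here
   }
}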
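
The class-level demand can be exercised without a WCF host. The following is an added example, not code from the original answer: it assumes .NET Framework (where declarative PrincipalPermission demands are enforced) and substitutes a constructed GenericPrincipal for the Windows caller; DemoAdministrationService, CallAs and the user names are hypothetical. It shows that the class-level demand also guards the constructor and that stacked demands are satisfied by any one of the roles.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Class-level demands cover every member, including the constructor.
// Stacked Demand attributes are combined as a union (OR), not an intersection.
[PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
[PrincipalPermission(SecurityAction.Demand, Role = @"Domain\Power Users")]
public class DemoAdministrationService // hypothetical stand-in for the service class
{
    public bool DisableAdministrator(int userId)
    {
        return true; // reached only when the demand succeeded
    }
}

public static class Program
{
    // Calls the service as a constructed principal holding the given roles.
    // Returns true if the call was allowed, false if the demand rejected it.
    static bool CallAs(string name, params string[] roles)
    {
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(name), roles);
        try
        {
            // The constructor is inside the try block because the
            // class-level demand is checked on instantiation as well.
            return new DemoAdministrationService().DisableAdministrator(42);
        }
        catch (SecurityException)
        {
            return false; // rejected before any service code ran
        }
    }

    public static void Main()
    {
        // Constructed sample callers: two hold one listed role each, two hold none.
        Console.WriteLine("alice allowed: " + CallAs("alice", "Admin Service Admins"));
        Console.WriteLine("bob allowed:   " + CallAs("bob", @"Domain\Power Users"));
        Console.WriteLine("carol allowed: " + CallAs("carol", "Some Other Group"));
        Console.WriteLine("dave allowed:  " + CallAs("dave"));
    }
}
```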