【问题标题】:Extending IPrincipal in WCF service with UseAspNetRoles principal permissions mode使用 UseAspNetRoles 主体权限模式扩展 WCF 服务中的 IPrincipal
【发布时间】:2014-03-03 07:03:42
【问题描述】:

在我的 WCF webservice web.config 中,我在 serviceBehaviors 下有以下内容:

<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="RoleProvider" />

这允许我使用 asp.net 角色提供程序并通过以下属性控制对 Web 服务调用的访问:

[PrincipalPermission(SecurityAction.Demand, Role = "Admin")]

我想知道如何使用上述内容,并加入如​​下定义的自定义主体。

public class UserPrincipal : IPrincipal
{
    List<string> roleList = null;

    public const string ROLE_ADMIN         = "Admin";
    public const string ROLE_DATAENTRY     = "DataEntry";
    public const string ROLE_READONLY      = "ReadOnly";

    public UserPrincipal(IIdentity identity, string[] roles)
    {
        Identity = identity;            
        roleList = new List<string>(roles);      
    }

    public IIdentity Identity
    {
        get { return identity; }
    }

    public bool IsInRole(string role)
    {
        return roleList.Contains(role);
    }

    public bool CanEdit()
    {
        if (IsInRole(ROLE_ADMIN))
            return true;       
        else if (IsInRole(ROLE_DATAENTRY))
            return true;
        else 
            return false;
    }

    public bool CanView()
    {
        if (IsInRole(ROLE_ADMIN))
            return true;        
        else if (IsInRole(ROLE_DATAENTRY))
            return true;
        else if (IsInRole(ROLE_READONLY))
            return true;
        else
            return false;
    }

}

然后我想在服务方法中使用 CanView 和 CanEdit 调用。

我可以在 WCF 服务的哪个位置用我的扩展用户主体替换默认主体?

【问题讨论】:

    标签: c# asp.net wcf iis


    【解决方案1】:

    这是我想出的,以防其他人发现它有用。

    Web.config:

     <behaviors>
          <serviceBehaviors>
            <behavior name="customServiceBehaviour">
              <serviceAuthorization principalPermissionMode="Custom" >
                <authorizationPolicies>
                  <add policyType="Services.Host.CustomRolesPolicy, Services.Host" />
                </authorizationPolicies>            
              </serviceAuthorization>
            </behavior>            
          </serviceBehaviors>
      </behaviors>
    

    CustomRolesPolicy:

        public class CustomRolesPolicy : IAuthorizationPolicy
        {
                Guid id = Guid.NewGuid();
    
                public bool Evaluate(EvaluationContext evaluationContext, ref object state)
                {
                    // will hold the combined roles
                    List<string> roles = new List<string>();
    
                    // get the authenticated client identity
                    IIdentity client = GetClientIdentity(evaluationContext);
    
                    var config = new NameValueCollection();
    
    
                    config.Add("applicationName", "/application_name");
                    config.Add("connectionStringName", "APPSEC_ASPNET");                
    
                    var roleProvider = new CustomRoleProvider();
                    roleProvider.Initialize("CustomRoleProvider", config);
    
                    roles.AddRange(roleProvider.GetRolesForUser(client.Name));
    
    
                    evaluationContext.Properties["Principal"] =
                        new UserPrincipal(client, roles.ToArray());
    
    
                    return true;
                }
    
                public System.IdentityModel.Claims.ClaimSet Issuer
                {
                    get { return ClaimSet.System; }
                }
    
                public string Id
                {
                    get { return id.ToString(); }
                }
    
                private IIdentity GetClientIdentity(EvaluationContext evaluationContext)
                {
                    object obj;
                    if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
                        throw new Exception("No Identity found");
    
                    IList<IIdentity> identities = obj as IList<IIdentity>;
                    if (identities == null || identities.Count <= 0)
                        throw new Exception("No Identity found");
    
                    return identities[0];
                }
    }
    

    【讨论】:

      猜你喜欢
      • 2010-10-27
      • 2020-12-27
      • 1970-01-01
      • 1970-01-01
      • 2020-05-28
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多