2

How to do Role based authentication in WCF using Windows authentication (Active Directory)?

I have a requirement where requests shall be authenticated using Windows authentication (Active Directory). There shall be 2 roles defined. The roles shall be mapped to the user groups in Active Directory.

Anders Abel
user995099

1 Answer

4

Use PrincipalPermissionAttribute:

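```csharp
using System.Security.Permissions; // PrincipalPermissionAttribute, SecurityAction

// The demand is checked before the method body runs.
[PrincipalPermission(SecurityAction.Demand, Role = "MySpecialGroup")]
void SomeMethod()
{
   // Some Code
}
```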

The role name is the AD group name.

If you need more control you can use PrincipalPermission:

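```csharp
void SomeMethod()
{
  // Demand group membership only when the caller does not own the resource.
  if (!this.IsOwnedByCurrentUser())
  {
    // A null name means any user; only the role (AD group) is checked.
    PrincipalPermission pp = new PrincipalPermission(null, "SomeSpecialGroup");
    pp.Demand();
  }
}
```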
Anders Abel
  • Is just adding the attribute to the method enough, or do I need to do any conditional check? – user995099 Nov 18 '11 at 10:11
  • Adding `PrincipalPermissionAttribute` is enough. If anyone who is not a member of `MySpecialGroup` calls `SomeMethod`, a security exception is thrown. – Anders Abel Nov 18 '11 at 13:02
  • Could you please answer http://stackoverflow.com/questions/9588265/understanding-wcf-windows-authentication ? – LCJ Mar 06 '12 at 18:15
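
An added example, not part of the original answer, showing the two-role case from the question end to end: a self-hosted WCF service that authenticates callers with Windows credentials and maps each operation to AD groups. The contract `IOrderService`, the groups `CONTOSO\OrderReaders` and `CONTOSO\OrderAdmins`, and the endpoint address are assumptions chosen for illustration.

```csharp
using System;
using System.Security.Permissions;
using System.ServiceModel;
using System.ServiceModel.Description;

[ServiceContract]
public interface IOrderService
{
    [OperationContract] string ReadOrder(int id);
    [OperationContract] void DeleteOrder(int id);
}

public class OrderService : IOrderService
{
    // Placeholder AD groups. Several Demand attributes on one method are OR-ed.
    [PrincipalPermission(SecurityAction.Demand, Role = @"CONTOSO\OrderReaders")]
    [PrincipalPermission(SecurityAction.Demand, Role = @"CONTOSO\OrderAdmins")]
    public string ReadOrder(int id)
    {
        string caller = ServiceSecurityContext.Current.WindowsIdentity.Name;
        return "Order " + id + " read by " + caller;
    }

    // Only the admin group may delete. Any other caller gets a SecurityException,
    // which WCF returns to the client as an "Access is denied" fault.
    [PrincipalPermission(SecurityAction.Demand, Role = @"CONTOSO\OrderAdmins")]
    public void DeleteOrder(int id)
    {
        Console.WriteLine("Order {0} deleted", id);
    }
}

public static class Program
{
    public static void Main()
    {
        // Transport security with Windows (Kerberos/NTLM) client credentials.
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        // Hypothetical address for this example.
        using (var host = new ServiceHost(typeof(OrderService), new Uri("net.tcp://localhost:9000/orders")))
        {
            host.AddServiceEndpoint(typeof(IOrderService), binding, "");
            // UseWindowsGroups is the default; set explicitly so Role = AD group name.
            host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.UseWindowsGroups;
            host.Open();
            Console.ReadLine();
        }
    }
}
```

Qualifying the role with the domain (`DOMAIN\Group`) avoids matching a local machine group that happens to share the name.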