
WCF PrincipalPermission Authorization

I'm trying to set up role authorization on each WCF web method.

Maybe I'm doing something wrong, but I just can't get the authorization to take place.

I have a UserNamePasswordValidator that authorizes the user access to the service.

An authorization policy then gets the user roles and sets the principal against the evaluationContext. I have tried this with GenericPrincipal and my own CustomPrincipal.

However, the web methods are always executed no matter the role.

AuthorizationPolicy

using System;
using System.Collections.Generic;
using System.IdentityModel.Policy;
using System.Security.Principal;

class AuthorizationPolicy : IAuthorizationPolicy {
    // The Id and Issuer members required by IAuthorizationPolicy and the
    // GetRoles helper are not shown in the post.

    public bool Evaluate(EvaluationContext evaluationContext, ref object state) {
        // Identity established by the UserNamePasswordValidator
        IIdentity client = GetClientIdentity(evaluationContext);

        string[] roles = new string[1];
        roles[0] = GetRoles(client);
        GenericPrincipal newPrincipal = new GenericPrincipal(client, roles);
        //CustomPrincipal newPrincipal = new CustomPrincipal(client, roles);

        // Publish the principal for the rest of the authorization pipeline
        evaluationContext.Properties["Principal"] = newPrincipal;
        return true;
    }

    private IIdentity GetClientIdentity(EvaluationContext evaluationContext) {
        object obj;
        if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
            throw new Exception("No Identity found");

        IList<IIdentity> identities = obj as IList<IIdentity>;
        if (identities == null || identities.Count <= 0)
            throw new Exception("No Identity found");

        return identities[0];
    }
}

How does PrincipalPermission link into the principal?

[OperationContract]
[WebInvoke(Method = "GET",
           ResponseFormat = WebMessageFormat.Json,
           UriTemplate = "/GetResults")]
[PrincipalPermission(SecurityAction.Demand, Role = "User")]
int? GetResults();

My CustomPrincipal has an IsInRole method; should I be doing something else to ensure the PrincipalPermission verifies the role?

OK, found my problem with this. Bit stupid, but I had the PrincipalPermissions in place on the interface, whereas they need to be in place against the method.
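The placement issue described in the answer above can be checked outside WCF. The following is an added example, not part of the original posts; `IResultsService`, `ResultsService` and the user name are hypothetical, and it assumes .NET Framework, where the CLR enforces declarative `PrincipalPermission` demands against `Thread.CurrentPrincipal`.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public interface IResultsService   // hypothetical contract
{
    // Attribute placed on the interface member only.
    [PrincipalPermission(SecurityAction.Demand, Role = "User")]
    int? OnInterfaceOnly();

    int? OnImplementation();
}

public class ResultsService : IResultsService   // hypothetical implementation
{
    public int? OnInterfaceOnly() { return 1; }

    // Attribute placed on the implementing method, i.e. on the code that runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "User")]
    public int? OnImplementation() { return 1; }
}

public static class Program
{
    // True if the call completed, false if the role demand rejected it.
    static bool Allowed(Func<int?> call)
    {
        try { call(); return true; }
        catch (SecurityException) { return false; }
    }

    public static void Main()
    {
        IResultsService svc = new ResultsService();
        foreach (string role in new[] { "Guest", "User" })
        {
            // Stand-in for WCF, which copies evaluationContext.Properties["Principal"]
            // to Thread.CurrentPrincipal when principalPermissionMode is "Custom".
            Thread.CurrentPrincipal =
                new GenericPrincipal(new GenericIdentity("alice"), new[] { role });
            Console.WriteLine("{0}: interface-only allowed={1}, implementation allowed={2}",
                role, Allowed(svc.OnInterfaceOnly), Allowed(svc.OnImplementation));
        }
    }
}
```

Running it with a role other than "User" is a quick regression check that every operation meant to be protected actually rejects the call.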
