在PrincipalPermission上请求授权失败

Question

I've got a service some methods of which have PrincipalPermissionAttribute. I want to request authentication if check for principal has failed. For example:

[PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
public string GetData()

If calling user is Administrator, service should return data. If calling user is not Administrator, service should request authentication and if it has failed, service should return 401 response. How can I do this?

Answer 1

Okay, I've managed to do this with a helper class:

internal static class UserPermissions
{
    public static bool CheckRole(Role role)
    {
        try {
            var p = new PrincipalPermission(null, role.ToString());
            p.Demand();
        }
        catch (SecurityException) {
            return false;
        }
        return true;
    }

    public static void AssertRole(Role role)
    {
        if (!CheckRole(role)) {
            throw new WebFaultException(HttpStatusCode.Unauthorized);
        }
    }
}

public enum Role
{
    Administrator,
    Customer
}

With such usage:

public class CustomerService : ICustomerService
{
        public List<Order> GetOrders()
        {
            UserPermissions.AssertRole(Role.Customer);
            // Code to get orders.
        }
}

So, I gave up the idea of ping-ponging authentication requests and just return 401 error instead.