WCF中的PrincipalPermission身份验证出错

Question

I am following a Pluralsight video on Authentication .

I am trying to add simple PrinciplePermission authentication to my web service:

    [PrincipalPermission(SecurityAction.Demand, Role = "Computer\\Group")]
    public String testDBConnection()
    {
        return "success";  
    }

In my WCF client I am sending:

    client.ClientCredentials.UserName.UserName = "Alice";
    client.ClientCredentials.UserName.Password = "alice";

I have created the group and added Alice to it as per the video, but now....

I keep getting the error:

"Request for principal permission failed."

Any idea what's wrong?

Answer 1

You need some code to create the IPrincipal on the server when the request arrives.

The easiest way to do this is probably to use an ASP.NET RoleProvider , for which you need to configure a behaviour, eg:

<system.serviceModel>
  ...
  <behaviors>
     <serviceBehaviors>
       <behavior name=...>
           ...
          <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                        roleProviderName="MyRoleProvider" />
        </behavior>
     </serviceBehaviors>
     ...

and:

<system.web>
  ...
  <roleManager enabled="true" defaultProvider="MyRoleProvider">
    <providers>
      <clear/>
      <add name="MyRoleProvider" 
      ...

If you configure a RoleProvider correctly in this way, then Thread.CurrentPrincipal will be set automagically, and it should work.

Answer 2

The principle object is a read only object that gets set as part of the security settings for your application upon loading. The way I was able to get around it was to create a class that inherits IPrincipal. You would need to do this in your WCF application.