Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Nov 06, 2012 02:09 AM by ozkary
Nov 05, 2012 07:23 PM|LINK
I want to implement Role based security on my web service. I will have list of users and their roles on web.config. file.
I want my webservice in such a way that if the caller browses it, it should only display those web methods which he/she can access. Also while accessing web methods it should check whether that role can access the web method or not.
Thanks in advance.
Nov 06, 2012 02:09 AM|LINK
Hi, you will need to create a CustomUserNamePassword validator. This is a module that will be raised in the pipeline to authenticate the user and load the roles. read more here: http://msdn.microsoft.com/en-us/library/aa702565.aspx.
For configuration of this module see this blog: http://ozkary.blogspot.com/2012/11/wcf-service-configuration-visualized.html
You also need to check the permissions on the web service method. You can do this either with declarative or imperative security validation. More information can be found here:
hope it helps