ASP.NET

How do I implement Roles based security on web services RSS

1 reply

Last post Nov 06, 2012 02:09 AM by ozkary

‹ Previous Thread|Next Thread ›

- Reply
gandhibasnet

Member

8 Points

6 Posts

How do I implement Roles based security on web services

Nov 05, 2012 07:23 PM|LINK

I want to implement Role based security on my web service. I will have list of users and their roles on web.config. file.

I want my webservice in such a way that if the caller browses it, it should only display those web methods which he/she can access. Also while accessing web methods it should check whether that role can access the web method or not.

Thanks in advance.

Gandhi
- Reply
ozkary

Contributor

2034 Points

303 Posts

Re: How do I implement Roles based security on web services

Nov 06, 2012 02:09 AM|LINK

Hi, you will need to create a CustomUserNamePassword validator. This is a module that will be raised in the pipeline to authenticate the user and load the roles. read more here: http://msdn.microsoft.com/en-us/library/aa702565.aspx.

For configuration of this module see this blog: http://ozkary.blogspot.com/2012/11/wcf-service-configuration-visualized.html

You also need to check the permissions on the web service method. You can do this either with declarative or imperative security validation. More information can be found here:

http://wcfsecurity.codeplex.com/wikipage?title=What%E2%80%99s%20the%20difference%20between%20declarative%20and%20imperative%20roles%20authorization?

hope it helps

ozkary.blogspot.com
og-bit.com
- Marked as answer by haixia xie - msft on Nov 12, 2012 08:16 AM

‹ Previous Thread|Next Thread ›