Windows Vista Forums
Vista Forums Home Join Vista Forums Windows 7 Forum Vista Tutorials Tags
Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks.

Go Back   Vista Forums > Misc Newsgroups > Indigo

Vista - WCF Security

 
 
Old 09-06-2007   #1 (permalink)
BIESEMANS, Kurt


 
 

WCF Security

Hello,

I want to do some 'custom' security checking on the level of a WCF services
(.SVC file). Therefore I have the next entries defined in my WEB.CONFIG

<behaviors>
<serviceBehaviors>
<behavior name="CobBusinessServiceBehavior">
<serviceMetadata httpGetEnabled="true"
httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add
policyType="Cob.Framework.Utilities.Services.MessageAuthorizationPolicy,
Cob.Framework.Utilities" />
</authorizationPolicies>
</serviceAuthorization>
</behavior>
</serviceBehaviors>
</behaviors>

<services>
<service behaviorConfiguration="CobBusinessServiceBehavior"
name="Cob.Tools.Security.ServiceModel.Services.Security">
<endpoint
behaviorConfiguration="CobBusinessEndPointBehavior" binding="netHttpBinding"
bindingConfiguration="netHttpBindingConfiguration"
name="ISecurityServiceContract"
contract="Cob.Tools.Security.ServiceModel.Contracts.ServiceContracts.ISecurityServiceContract"
/>
</service>
</services>

Currently my class MessageAuthorizationPolicy is empty (except some temp
code). It seems that I do not get into the constructor of this class. Anyone
an idea?

Regards
Kurt


My System SpecsSystem Spec
Old 09-07-2007   #2 (permalink)
Priya


 
 

Re: WCF Security

Stupid question but,,are you sure you've defined a public constructor
for the policy? do u have a breakpoint on it?

My System SpecsSystem Spec
Old 09-10-2007   #3 (permalink)
Kurt Biesemans


 
 

Re: WCF Security

Hello,

I didn't have a public contructor. Now I added on and indeed the code in the
constructor is executed when calling te service.

Now I have implemented the IAuthorizationPolicy which has an 'Evaluate'
method defined. When is this method called?

Kurt

"Priya" <priya.marwaha@xxxxxx> wrote in message
news:1189174999.140729.6930@xxxxxx
Quote:

> Stupid question but,,are you sure you've defined a public constructor
> for the policy? do u have a breakpoint on it?
>

My System SpecsSystem Spec
Old 09-11-2007   #4 (permalink)
Priya


 
 

Re: WCF Security

This method will be called right before every call you make to the
actual web service operation. If the policy has enough data to
evaluate authorization it should return True from this method, else it
should return false. This is typically the place you set a custom
thread principal if you need to, where you evaluate claims or roles
etc.
On Sep 10, 8:02 pm, "Kurt Biesemans" <Kurt.Biesem...@xxxxxx>
wrote:
Quote:

> Hello,
>
> I didn't have a public contructor. Now I added on and indeed the code in the
> constructor is executed when calling te service.
>
> Now I have implemented the IAuthorizationPolicy which has an 'Evaluate'
> method defined. When is this method called?
>
> Kurt
>
> "Priya" <priya.marw...@xxxxxx> wrote in message
>
> news:1189174999.140729.6930@xxxxxx
>
>
>
Quote:

> > Stupid question but,,are you sure you've defined a public constructor
> > for the policy? do u have a breakpoint on it?- Hide quoted text -
>
> - Show quoted text -

My System SpecsSystem Spec
Old 09-13-2007   #5 (permalink)
Kurt Biesemans


 
 

Re: WCF Security

Priya,

I have it working now. Indeed the intention is to have some 'custom'
security checking in the evaluate method. In our case people cannot make a
service call (access the .SVC file) if they don't have a role in the
application.

Kurt

"Priya" <priya.marwaha@xxxxxx> wrote in message
news:1189568497.341211.11400@xxxxxx
Quote:

> This method will be called right before every call you make to the
> actual web service operation. If the policy has enough data to
> evaluate authorization it should return True from this method, else it
> should return false. This is typically the place you set a custom
> thread principal if you need to, where you evaluate claims or roles
> etc.
> On Sep 10, 8:02 pm, "Kurt Biesemans" <Kurt.Biesem...@xxxxxx>
> wrote:
Quote:

>> Hello,
>>
>> I didn't have a public contructor. Now I added on and indeed the code in
>> the
>> constructor is executed when calling te service.
>>
>> Now I have implemented the IAuthorizationPolicy which has an 'Evaluate'
>> method defined. When is this method called?
>>
>> Kurt
>>
>> "Priya" <priya.marw...@xxxxxx> wrote in message
>>
>> news:1189174999.140729.6930@xxxxxx
>>
>>
>>
Quote:

>> > Stupid question but,,are you sure you've defined a public constructor
>> > for the policy? do u have a breakpoint on it?- Hide quoted text -
>>
>> - Show quoted text -
>
>
My System SpecsSystem Spec
 

Thread Tools


Similar Threads
Thread Forum
in DEPTH help on how to set up security for linksys WRT54G2 wireless routers security System Security
Security discussion regarding hubs, firewalls, anti-virus and Vista Security System Security
Norton Internet Security 2008 and Vista's Security Center Vista security
Security Matters — Microsoft 2006 Security Summits Provide Security Training for Detroit Businesses Vista News
Security Matters — Microsoft 2006 Security Summits Provide Security Training for Detroit Businesses Vista News


Vista Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46