Windows Vista Forums
Vista Forums Home Join Vista Forums Donate Vista Tutorials Tags

Welcome to Vista Forums we are your forum to discuss Windows Vista x64 and x86 systems. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
Register at Vista forums...the world biggest Windows Vista resource Join Vista Forums Now

Go Back   Vista Forums > Microsoft Technical Newsgroups > Indigo

WCF Security

 
 
Thread Tools Display Modes
Old 09-06-2007   #1 (permalink)
BIESEMANS, Kurt
Guest


 

WCF Security

Hello,

I want to do some 'custom' security checking on the level of a WCF services
(.SVC file). Therefore I have the next entries defined in my WEB.CONFIG

<behaviors>
<serviceBehaviors>
<behavior name="CobBusinessServiceBehavior">
<serviceMetadata httpGetEnabled="true"
httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add
policyType="Cob.Framework.Utilities.Services.MessageAuthorizationPolicy,
Cob.Framework.Utilities" />
</authorizationPolicies>
</serviceAuthorization>
</behavior>
</serviceBehaviors>
</behaviors>

<services>
<service behaviorConfiguration="CobBusinessServiceBehavior"
name="Cob.Tools.Security.ServiceModel.Services.Security">
<endpoint
behaviorConfiguration="CobBusinessEndPointBehavior" binding="netHttpBinding"
bindingConfiguration="netHttpBindingConfiguration"
name="ISecurityServiceContract"
contract="Cob.Tools.Security.ServiceModel.Contracts.ServiceContracts.ISecurityServiceContract"
/>
</service>
</services>

Currently my class MessageAuthorizationPolicy is empty (except some temp
code). It seems that I do not get into the constructor of this class. Anyone
an idea?

Regards
Kurt

Old 09-07-2007   #2 (permalink)
Priya
Guest


 

Re: WCF Security

Stupid question but,,are you sure you've defined a public constructor
for the policy? do u have a breakpoint on it?

Old 09-10-2007   #3 (permalink)
Kurt Biesemans
Guest


 

Re: WCF Security

Hello,

I didn't have a public contructor. Now I added on and indeed the code in the
constructor is executed when calling te service.

Now I have implemented the IAuthorizationPolicy which has an 'Evaluate'
method defined. When is this method called?

Kurt

"Priya" <priya.marwaha@xxxxxx> wrote in message
news:1189174999.140729.6930@xxxxxx
Quote:

> Stupid question but,,are you sure you've defined a public constructor
> for the policy? do u have a breakpoint on it?
>

Old 09-11-2007   #4 (permalink)
Priya
Guest


 

Re: WCF Security

This method will be called right before every call you make to the
actual web service operation. If the policy has enough data to
evaluate authorization it should return True from this method, else it
should return false. This is typically the place you set a custom
thread principal if you need to, where you evaluate claims or roles
etc.
On Sep 10, 8:02 pm, "Kurt Biesemans" <Kurt.Biesem...@xxxxxx>
wrote:
Quote:

> Hello,
>
> I didn't have a public contructor. Now I added on and indeed the code in the
> constructor is executed when calling te service.
>
> Now I have implemented the IAuthorizationPolicy which has an 'Evaluate'
> method defined. When is this method called?
>
> Kurt
>
> "Priya" <priya.marw...@xxxxxx> wrote in message
>
> news:1189174999.140729.6930@xxxxxx
>
>
>
Quote:

> > Stupid question but,,are you sure you've defined a public constructor
> > for the policy? do u have a breakpoint on it?- Hide quoted text -
>
> - Show quoted text -

Old 09-13-2007   #5 (permalink)
Kurt Biesemans
Guest


 

Re: WCF Security

Priya,

I have it working now. Indeed the intention is to have some 'custom'
security checking in the evaluate method. In our case people cannot make a
service call (access the .SVC file) if they don't have a role in the
application.

Kurt

"Priya" <priya.marwaha@xxxxxx> wrote in message
news:1189568497.341211.11400@xxxxxx
Quote:

> This method will be called right before every call you make to the
> actual web service operation. If the policy has enough data to
> evaluate authorization it should return True from this method, else it
> should return false. This is typically the place you set a custom
> thread principal if you need to, where you evaluate claims or roles
> etc.
> On Sep 10, 8:02 pm, "Kurt Biesemans" <Kurt.Biesem...@xxxxxx>
> wrote:
Quote:

>> Hello,
>>
>> I didn't have a public contructor. Now I added on and indeed the code in
>> the
>> constructor is executed when calling te service.
>>
>> Now I have implemented the IAuthorizationPolicy which has an 'Evaluate'
>> method defined. When is this method called?
>>
>> Kurt
>>
>> "Priya" <priya.marw...@xxxxxx> wrote in message
>>
>> news:1189174999.140729.6930@xxxxxx
>>
>>
>>
Quote:

>> > Stupid question but,,are you sure you've defined a public constructor
>> > for the policy? do u have a breakpoint on it?- Hide quoted text -
>>
>> - Show quoted text -
>
>
 

Thread Tools
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Vista Security Center and Norton Internet Security 2008 PA Bear [MS MVP] Vista security 1 04-01-2008 05:47 AM
Network runs fine with open security and not with security Niffty Nev Vista security 4 01-26-2008 09:42 PM
Norton Internet Security 2008 and Vista's Security Center howardavatar Vista security 12 01-23-2008 10:03 PM
Security Matters — Microsoft 2006 Security Summits Provide Security Training for Detroit Businesses z3r010 Vista News 0 06-26-2006 09:02 AM
Security Matters — Microsoft 2006 Security Summits Provide Security Training for Detroit Businesses z3r010 Vista News 0 06-26-2006 09:01 AM








Vistax64.com is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media 2005-2008

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50