Does WCF have an equivalent of MVC's [Authorize] attribute?

I want to decorate certain Operation Contracts with an attribute to authorize the caller by custom logic, something like this:

public class Service1
    [Authorize] // ?? this should make sure only admins can call this method
    public List<SampleItem> GetCollection()
        return new List<SampleItem>() { new SampleItem("Only Admins see me") };

The [Authorize] should check if the caller is entitled to call this operation; if not - it should return an error fault.



Not out of the box - but WCF top-guru Juval Löwy had a very interesting article in MSDN Magazine about Declarative WCF Security which goes in the same direction.

Juval identified several key security scenarios, and wrapped each of them up into a WCF service behavior to be applied as an attribute on your service class on the server side. Quite an interesting read indeed !

WCF doesn't have any special attribute for this purpose but you can use PrincipalPermissionAttribute - common approach for declarative role-based security in .NET.

In my WCF application, I've largely overrided all the default authentication and authorization stuff, and I use some custom processing of the PrincipalPermissionAttribute to check my custom security permissions.

I have some code snippits of how I did this in this post: .NET Declarative Security: Why is SecurityAction.Deny impossible to work with?

Need Your Help

Differentiate between two Xcode targets with Swift

ios xcode swift

How can I differentiate between two Xcode targets with Swift? The idea is to make a free and a paid version of an app with the same code base in Xcode.

Visual Studio keyboard generates wrong characters

visual-studio visual-studio-2008 keyboard key-bindings

Every now and then my keyboard in Visual Studio starts to behave wrongly. For example Shift + 3 inserts a pound symbol instead of a hash #. Shift + \ inserts a tilde ~ instead of a pipe |. When ...