问题
I have a WCF service which I would like to secure with windows domain groups. I do not want to include the PrincipalPermission attibute in the code!
I would like to call the services from a web application using the application pool identity. This identity would be checked to ensure that it is a member of the domain group securing the WCF service. All of this would be defined in config. This seems like a really neat solution, except ..... defining the domain group as securing the WCF service does not seem possible. Anyone got any ideas how I might do this.
I am using netTCPBinding (or named pipes but prefer the netTCP) and hosting the service in IIS within windows 2008.
回答1:
As per my understanding , you want to use imperative checking than declarative checking at design time.
If thats the case you can replace the declaration with an imperative checing in the method body like
PrincipalPermission checkPerminssions = new PrincipalPermission(
null, @"DomainName\WindowsGroup");
checkPerminssions .Demand();
You can also use IsInRole method using IPrincipal Interface.
However you can find more information at Authorization
I would love to know why you want to do that.
Hope this helps.
来源:https://stackoverflow.com/questions/8513454/wcf-security-with-domain-groups