Section 10.2. Authorization


10.2. Authorization

Authorization deals with what the caller is allowed to do, typically which operations the client is allowed to invoke on the service. Authorizing of the caller is done under the assumption that the caller is indeed who the caller claims to bein other words, authorization is meaningless without authentication. The service typically relies on some kind of a credentials store where callers are mapped to logical roles. When authorizing an operation, the operation declares or explicitly demands that only certain roles access it. The service needs to look up the caller's role or roles from the store and verify that the caller is a member of the requested roles. Out of the box WCF supports two credentials stores: the service can use Windows groups (and accounts) for authorization, or the service can use an ASP.NET provider (such as the SQL Server provider) to store user accounts and roles. WCF also supports custom role repositories, but I have found that the easiest option by far for implementing a custom store is to implement a custom ASP.NET provider. This chapter will address the ASP.NET providers at length later on.

WCF offers an elaborate and extensible infrastructure for authenticating and authorizing the caller based on a set of claims contained in the message. However, the discussion of this mechanism is beyond the scope of this book.





Programming WCF Services
Programming WCF Services
ISBN: 0596526997
EAN: 2147483647
Year: 2004
Pages: 148
Authors: Juval Lowy

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net