solution1:
You have to add authentication + authorization module in your services. Based on the service context + operation context + user authorization you should be able to restrict the access.
You may need to maintain some kind of roles + users in the database / in configuration xml file to maintain the authorized users list.
if you want to hide some methods in wcf please remove operation contract attribute from method
solution 2:
[PrincipalPermission(SecurityAction.Demand, Name = @"mithilla\Leena")] [PrincipalPermission(SecurityAction.Demand,Name=@"mithilla\tejas")] public List GetAllEmployees()
{
Conn.Open();
Cmd = new SqlCommand("Select * from Employee",Conn);
SqlDataReader Reader = Cmd.ExecuteReader();
List lstEmp = new List();
while (Reader.Read())
{
lstEmp.Add
(
new Employee()
{
EmpNo=Convert.ToInt32(Reader["EmpNo"]),
EmpName= Reader["EmpName"].ToString(),
Salary = Convert.ToInt32(Reader["Salary"]),
DeptNo = Convert.ToInt32(Reader["DeptNo"])
}
);
}
Cmd.Dispose();
Conn.Close();
return lstEmp;
}
ServiceContract]
public interface IService
{
[OperationContract]
List GetAllEmployees();
[OperationContract]
[FaultContract(typeof(CustomFaultMessage))]
void CreateEmployee(Employee objEmp);
}
In the above code, PrincipalPermission object defined on the methods specifies which user(s) are able to call OperationContract. In this the ‘GetAllEmployees()’ method is accessible to ‘Leena’ and ‘Tejas’ both, where as ‘CreateEmployee()’ method is accessible to only the user ‘Leena’. This implies that if the client application makes call using user ‘Tejas’ then the ‘CreateEmployee()’ method call will raise a security exception.
The configuration uses BasicHttpBinding with security mode as ‘TransportWithMessageCredentials’ which imples that the consumer of this WCF service must send credential (UserName and Password) while making the request. ClientCredentialType=Windows denotes that the credentials send by the sender will be verified against Windows.
For more :
http://www.dotnetcurry.com/showarticle.aspx?ID=592
You have to add authentication + authorization module in your services. Based on the service context + operation context + user authorization you should be able to restrict the access.
You may need to maintain some kind of roles + users in the database / in configuration xml file to maintain the authorized users list.
if you want to hide some methods in wcf please remove operation contract attribute from method
solution 2:
[PrincipalPermission(SecurityAction.Demand, Name = @"mithilla\Leena")] [PrincipalPermission(SecurityAction.Demand,Name=@"mithilla\tejas")] public List
Comments
Post a Comment