
在我的WCF web服務的web.config中,我已在serviceBehaviors下設置如下(主題:在WCF服務中以UseAspNetRoles主要權限模式擴展IPrincipal):

<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="RoleProvider" /> 

這讓我可以使用asp.net角色提供程序,並透過以下屬性要求來控制對Web服務的訪問:

[PrincipalPermission(SecurityAction.Demand, Role = "Admin")] 

我想知道如何在使用上述設定的同時,也使用如下定義的自定義主體(principal)。

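/// <summary>
/// Application principal that carries the authenticated identity together with a
/// fixed role list. Role names are compared ordinally (case-sensitive), matching
/// the role-name constants below.
/// </summary>
public class UserPrincipal : IPrincipal 
{ 
    // Backing field for Identity; the original assigned a get-only property, which
    // does not compile, so the identity is stored here instead.
    private readonly IIdentity identity;
    private readonly HashSet<string> roleList;

    public const string ROLE_ADMIN   = "Admin"; 
    public const string ROLE_DATAENTRY  = "DataEntry"; 
    public const string ROLE_READONLY  = "ReadOnly"; 

    /// <summary>Creates a principal for <paramref name="identity"/> holding <paramref name="roles"/>.</summary>
    /// <param name="identity">The authenticated identity; must not be null.</param>
    /// <param name="roles">Role names the user belongs to; null is treated as no roles.</param>
    /// <exception cref="ArgumentNullException"><paramref name="identity"/> is null.</exception>
    public UserPrincipal(IIdentity identity, string[] roles) 
    { 
        if (identity == null)
            throw new ArgumentNullException("identity");

        this.identity = identity;
        // Ordinal comparison: role names are identifiers, not user-facing text.
        roleList = new HashSet<string>(roles ?? new string[0], StringComparer.Ordinal);
    } 

    /// <summary>The identity this principal was created for.</summary>
    public IIdentity Identity 
    { 
        get { return identity; } 
    } 

    /// <summary>True when the user holds exactly the given role name (ordinal match).</summary>
    public bool IsInRole(string role) 
    { 
        return roleList.Contains(role); 
    } 

    /// <summary>True for Admin and DataEntry users.</summary>
    public bool CanEdit() 
    { 
        return IsInRole(ROLE_ADMIN) || IsInRole(ROLE_DATAENTRY); 
    } 

    /// <summary>True for Admin, DataEntry and ReadOnly users (every defined role).</summary>
    public bool CanView() 
    { 
        return CanEdit() || IsInRole(ROLE_READONLY); 
    } 
} 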

我想在服務方法中調用CanView和CanEdit。

在WCF服務中,我可以用我擴展的用戶主體替換默認主體嗎?

回答


這是我想出的解決方案,以防其他人覺得有用。

Web.config文件:

<behaviors> 
     <serviceBehaviors> 
     <behavior name="customServiceBehaviour"> 
      <!-- principalPermissionMode="Custom": WCF takes the caller's principal from the
           "Principal" evaluation property that the authorization policy below sets. -->
      <serviceAuthorization principalPermissionMode="Custom" > 
      <authorizationPolicies> 
       <!-- "type name, assembly": CustomRolesPolicy must live in the Services.Host assembly. -->
       <add policyType="Services.Host.CustomRolesPolicy, Services.Host" /> 
      </authorizationPolicies>    
      </serviceAuthorization> 
     </behavior>    
     </serviceBehaviors> 
    </behaviors> 

CustomRolesPolicy:

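/// <summary>
/// Authorization policy that looks up the caller's roles through the ASP.NET role
/// provider and publishes a <see cref="UserPrincipal"/> as the "Principal" evaluation
/// property, which is the principal WCF uses when principalPermissionMode is Custom.
/// </summary>
public class CustomRolesPolicy : IAuthorizationPolicy 
{
    // Stable per-instance identifier; WCF uses Id to tell policies apart.
    private readonly Guid id = Guid.NewGuid();

    // Role-provider settings. Hard-coded here as in the original; the values are
    // the provider's configuration keys, not secrets.
    private const string ApplicationName = "/application_name";
    private const string ConnectionStringName = "APPSEC_ASPNET";

    /// <summary>Resolves the caller's roles and installs the custom principal.</summary>
    /// <param name="evaluationContext">Context carrying the caller's "Identities".</param>
    /// <param name="state">Per-evaluation state; unused.</param>
    /// <returns>Always true: a principal is always produced.</returns>
    /// <exception cref="InvalidOperationException">No client identity is present.</exception>
    public bool Evaluate(EvaluationContext evaluationContext, ref object state) 
    { 
        IIdentity client = GetClientIdentity(evaluationContext); 

        // Only consult the role store for an authenticated caller; an anonymous
        // identity gets an empty role set rather than a lookup keyed on its name.
        string[] roles = client.IsAuthenticated
            ? LookupRoles(client.Name)
            : new string[0];

        evaluationContext.Properties["Principal"] = new UserPrincipal(client, roles); 
        return true; 
    } 

    // Builds and initialises the provider for this evaluation and returns the
    // user's roles; never null, even if the provider returns null.
    // NOTE(review): a provider is created on every call, as in the original —
    // caching it would need a look at CustomRoleProvider's thread-safety first.
    private static string[] LookupRoles(string userName)
    {
        var config = new NameValueCollection(); 
        config.Add("applicationName", ApplicationName); 
        config.Add("connectionStringName", ConnectionStringName);     

        var roleProvider = new CustomRoleProvider(); 
        roleProvider.Initialize("CustomRoleProvider", config); 

        return roleProvider.GetRolesForUser(userName) ?? new string[0];
    }

    /// <summary>This policy is issued by the system claim set.</summary>
    public System.IdentityModel.Claims.ClaimSet Issuer 
    { 
        get { return ClaimSet.System; } 
    } 

    /// <summary>Unique identifier of this policy instance.</summary>
    public string Id 
    { 
        get { return id.ToString(); } 
    } 

    // Returns the first identity WCF attached to the context under "Identities".
    // Throws InvalidOperationException (a subtype of the Exception thrown before)
    // when the property is absent, of the wrong type, or empty.
    private static IIdentity GetClientIdentity(EvaluationContext evaluationContext) 
    { 
        object obj; 
        if (!evaluationContext.Properties.TryGetValue("Identities", out obj)) 
            throw new InvalidOperationException("No Identity found"); 

        var identities = obj as IList<IIdentity>; 
        if (identities == null || identities.Count == 0) 
            throw new InvalidOperationException("No Identity found"); 

        return identities[0]; 
    } 
}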