
Web Method Level Security

Dominick Baier [DevelopMentor] - 20 Feb 2005 10:33 GMT
In your custom UsernameTokenManager: construct a GenericPrincipal object - couple it with some application-defined roles and attach the Principal object to Thread.CurrentPrincipal.

Afterwards you will be able to use the normal .NET Role based security infrastructure, e.g.

Thread.CurrentPrincipal.IsInRole()

or

PrincipalPermission.Demand

or

[PrincipalPermission]



---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

  nntp://news.microsoft.com/microsoft.public.dotnet.framework.webservices.enhancements/<TPKRd.596$ZB4.587@newsfe5-gui.ntli.net>

Hi,
I have a web service that has ten web methods associated with it. It
uses WSE2.0 implementation. I have a custom usernametoken manager. I want to
restrict which users use which method, without using WS-Policy (unless it is
simple to use). Any help greatly appreciated.

many thanks.





[microsoft.public.dotnet.framework.webservices.enhancements]
Sidd - 16 Mar 2005 18:43 GMT
You do not need to attach it to Thread.CurrentPrincipal. You could attach it
to the Principal object exposed from the UsernameToken.

Then in your code you can traverse through all the tokens, and when you find
the username token (after making sure that the same token signed and/or
encrypted the message if you are using a username token to sign or encrypt)
you can just access the usernameToken.Principal.IsInRole() to check for
roles.

Thanks,

Sidd [MSFT]

> In your custom UsernameTokenManager : construct a GenericPrincipal object - couple it with some application defined roles and attach the Principal object to Thread.CurrentPrincipal.

>  Afterwards you will be able to use the normal .NET Role based security infrastructure, e.g.
>
[quoted text clipped - 11 lines]
>  Dominick Baier - DevelopMentor
>  http://www.leastprivilege.com

nntp://news.microsoft.com/microsoft.public.dotnet.framework.webservices.enhancements/<TPKRd.596$ZB4.587@newsfe5-gui.ntli.net>

>  Hi,
>  I have a web service that has ten web methods associated with it. It
[quoted text clipped - 5 lines]
>
>  [microsoft.public.dotnet.framework.webservices.enhancements]
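The approach described in the two replies above, as an added example that is not part of the original thread. It assumes the WSE 2.0 `UsernameTokenManager.AuthenticateToken` override and a settable `UsernameToken.Principal`; `RoleTokenManager`, `OrderService`, the accounts and the role names are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;
using System.Web.Services;
using Microsoft.Web.Services2.Security.Tokens;

// Hypothetical manager, registered in web.config for wsse:UsernameToken.
public class RoleTokenManager : UsernameTokenManager
{
    // WSE calls this for each incoming UsernameToken and compares the
    // returned password with the one carried in the message.
    protected override string AuthenticateToken(UsernameToken token)
    {
        string password = GetPassword(token.Username);
        if (password == null)
            throw new UnauthorizedAccessException("Unknown user.");
        GenericPrincipal principal = new GenericPrincipal(
            new GenericIdentity(token.Username), GetRoles(token.Username));
        token.Principal = principal;          // Sidd's suggestion
        Thread.CurrentPrincipal = principal;  // Dominick's suggestion
        return password;
    }
    // Constructed sample accounts; a real service reads a credential store.
    static string GetPassword(string user)
    {
        return user == "alice" ? "constructed-pw-1" : user == "bob" ? "constructed-pw-2" : null;
    }
    static string[] GetRoles(string user)
    {
        return user == "alice" ? new string[] { "Managers", "Clerks" } : new string[] { "Clerks" };
    }
}

public class OrderService : WebService
{
    // Declarative check: throws SecurityException unless the caller is a Manager.
    [WebMethod]
    [PrincipalPermission(SecurityAction.Demand, Role = "Managers")]
    public string ApproveOrder(int id) { return "approved " + id; }

    // Imperative check inside the method body.
    [WebMethod]
    public string GetStatus(int id)
    {
        if (!Thread.CurrentPrincipal.IsInRole("Clerks"))
            throw new SecurityException("Caller is not in role Clerks.");
        return "open";
    }
}
```

With this in place, each of the ten web methods can carry its own role requirement without a WS-Policy file.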


©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.