How to authorize users against the SQL Role Provider

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

If you store role information in SQL Server, configure your application to use the SqlRoleProvider for authorization. The role provider allows you to load the roles for users without writing and maintaining custom code.

Use the following steps to enable role-based authorization against the SQL Server role store:
  1. Enable the role provider as shown below, and configure the connection string to point to the role store in SQL Server.
…
<configuration>
…
<connectionStrings>
    <add name="MyLocalSQLServer"
         connectionString="Initial Catalog=aspnetdb;data source=Sqlserver;Integrated Security=SSPI;" />
</connectionStrings>

<system.web>
    <roleManager enabled="true" defaultProvider="MySqlRoleProvider">
      <providers>
        <add name="MySqlRoleProvider"
             connectionStringName="MyLocalSQLServer"
             applicationName="MyAppName"
             type="System.Web.Security.SqlRoleProvider" />
      </providers>
    </roleManager>
</system.web>
…
</configuration>
  2. Configure the service behavior. Set the principalPermissionMode attribute to UseAspNetRoles and the roleProviderName attribute to MySqlRoleProvider.
…
<system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="BehaviorConfiguration">
          <serviceAuthorization principalPermissionMode="UseAspNetRoles"
            roleProviderName="MySqlRoleProvider" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service behaviorConfiguration="BehaviorConfiguration" name="MyService">
        <endpoint binding="wsHttpBinding" bindingConfiguration=""
          name="httpsendpoint" contract="IMyService2" />
      </service>
    </services>
</system.serviceModel>
  3. Authorize Windows groups declaratively by adding the PrincipalPermission attribute above each service method that requires authorization. Specify the Windows user group required to access the method in the Role field.
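using System.Security.Permissions;

// The demand runs before the method body; callers that are not in the
// "accounting" role are denied and Add is never executed.
[PrincipalPermission(SecurityAction.Demand, Role = "accounting")]
public double Add(double a, double b)
{
    return a + b;
}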
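
The steps above depend on several names matching across configuration sections: the provider's connectionStringName, the roleManager defaultProvider, the behavior's roleProviderName, and the service's behaviorConfiguration. The following check is an added example, not part of the original guidance; it assumes names are compared as exact strings, and its sample configuration is constructed from this page's names with two mismatches left in on purpose.

```python
import xml.etree.ElementTree as ET

# Constructed sample using this page's names, with two wiring mistakes left in:
# a padded behaviorConfiguration and a roleProviderName that names no provider.
SAMPLE = """<configuration>
  <connectionStrings>
    <add name="MyLocalSQLServer" connectionString="Initial Catalog=aspnetdb;data source=Sqlserver;Integrated Security=SSPI;" />
  </connectionStrings>
  <system.web><roleManager enabled="true" defaultProvider="MySqlRoleProvider"><providers>
    <add name="MySqlRoleProvider" connectionStringName="MyLocalSQLServer"
         applicationName="MyAppName" type="System.Web.Security.SqlRoleProvider" />
  </providers></roleManager></system.web>
  <system.serviceModel>
    <behaviors><serviceBehaviors><behavior name="BehaviorConfiguration">
      <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                            roleProviderName="SqlRoleProvider" />
    </behavior></serviceBehaviors></behaviors>
    <services>
      <service behaviorConfiguration=" BehaviorConfiguration " name="MyService" />
    </services>
  </system.serviceModel>
</configuration>"""

def check_role_wiring(config_xml):
    """Return findings for names that do not line up (exact string match)."""
    root = ET.fromstring(config_xml)
    findings = []
    conns = {a.get("name") for a in root.findall("connectionStrings/add")}
    rm = root.find("system.web/roleManager")
    if rm is None or rm.get("enabled", "false").lower() != "true":
        return ["roleManager is missing or not enabled"]
    providers = {p.get("name"): p for p in rm.findall("providers/add")}
    if rm.get("defaultProvider") not in providers:
        findings.append("defaultProvider names no configured provider")
    for name, p in providers.items():
        if p.get("connectionStringName") not in conns:
            findings.append(f"provider {name!r}: unknown connectionStringName")
    behaviors = {b.get("name"): b for b in
                 root.findall("system.serviceModel/behaviors/serviceBehaviors/behavior")}
    for name, b in behaviors.items():
        auth = b.find("serviceAuthorization")
        if auth is None or auth.get("principalPermissionMode") != "UseAspNetRoles":
            findings.append(f"behavior {name!r}: not using UseAspNetRoles")
        elif auth.get("roleProviderName") not in providers:
            findings.append(f"behavior {name!r}: unknown roleProviderName")
    for svc in root.findall("system.serviceModel/services/service"):
        if svc.get("behaviorConfiguration") not in behaviors:
            findings.append(f"service {svc.get('name')!r}: unknown behaviorConfiguration")
    return findings
```

Calling check_role_wiring(SAMPLE) reports the behavior's unknown roleProviderName and the service's unknown behaviorConfiguration; a configuration whose names agree returns an empty list.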

Last edited May 8, 2008 at 12:48 AM by prashantbansode, version 1