If you store role information in Windows Groups, consider using the WCF PrincipalPermissionAttribute class for roles authorization

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Map Windows groups to WCF service methods using the WCF PrincipalPermission attribute. Incoming client username credentials will be mapped to its associated Windows groups. Service method access will be granted to user if the user is a member of the group associated with the service method being called.

The following example demonstrates how the WCF service “Add” will only run for users belonging to the “CalculatorClients” Windows group.

// Only members of the CalculatorClients group can call this method.
[PrincipalPermission(SecurityAction.Demand, Role = "CalculatorClients")]
public double Add(double a, double b)
    return a + b;

Last edited Apr 16, 2008 at 11:12 PM by prashantbansode, version 1


ploeh Sep 29, 2008 at 7:32 AM 
Nitpick: PrincipalPermissionAttribute is not a WCF class. It lives in the System.Security.Permissions namespace and have been around since .NET 1.0.