Home/ Questions/Q 3805976
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T14:45:47+00:00

I am creating a large ASP.NET 4 site which has a WCF service backend.

  • 0

I am creating a large ASP.NET 4 site which has a WCF service backend. I would like for the site to use the service for login and authorization.

Basically when the user gets to the login page, instead of using a membership provider I want the WCF service to be used as authentication mechanism.

The WCF service already uses Authentication and Authorization (with impersonation), so that clients of the service receive errors if they try to execute service methods they do not have permissions to.

The question is how do I tie this in with the ASP.NET site?

Here is some sample code that I am using:

Web Service Interface:

[ServiceContract]
public interface IService
{
    [OperationContract]
    bool Foo();

    [OperationContract]
    void Bar();
}

Web Service:

public class BackEndService : IService
{
    [PrincipalPermission(SecurityAction.Demand, Role="FooRole")]
    public bool Foo()
    {
        return false;
    }

    [PrincipalPermission(SecurityAction.Demand, Role="Bar")]
    public void Bar()
    {
        //...
    }
}

On the client:

public class LoginPage : Page
{
    public void LoginButton_Clicked(object sender, EventArgs e)
    {
        string username = TxtUsername.Value;
        string password = TxtPassword.Value;

        BackEndService client = new BackEndService();
        client.CleintCredentials.Username = username;
        client.ClientCredentials.Password = password;

        client.Foo(); //if the credentials supplied do not have permissions there will be error
        client.Bar();
    }
}

What I am aiming to achieve is to have some of the UI element’s functionality flagged with the PrincipalPermission attribute so that the user doesn’t have to make the trip to the service to discover that they do not have permissions.

Moreover, I’d like to have some of the UI elements being loaded/unloaded based on the user’s permissions.

Is it possible, or do I have to bake some logic into my service to return whichever UI modules the user can see? Is it possible the permissions to be handled through the service as though it is a Membership provider as it is the case with using PrincipalPermissionAttribute on UI element’s code behind?

Thanks,

<bleepzter/>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you want to use ASP.NET Membership, You’ll need to write your own Membership Provider to authenticate against your WCF service. You may need to add an operation to your WCF service to return a list of the roles the user belongs to. Then you can use the Membership class to determine if a user is a particular role, and hide/show UI elements as necessary.

    See http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx for more information about creating a membership provider.

    • 0