I want to keep this as simple as possible, so I’m not posting any

Question

0

Editorial Team

Asked: May 24, 20262026-05-24T23:33:08+00:00 2026-05-24T23:33:08+00:00

I want to keep this as simple as possible, so I’m not posting any

0

I want to keep this as simple as possible, so I’m not posting any code,as it will probably just confuse things.

I have implemented security in my application using WCF’s role based authorisation.

Assume that I have 4 methods on my publicly exposed interface

GetPerson
DeletePerson
UpdatePerson
GetSurnameAndForename

I have attached the

[PrincipalPermission(SecurityAction.Demand,Role="POWERUSER")]

to the first 3, and the

[PrincipalPermission(SecurityAction.Demand,Role="GENERALUSER")]

to the final one.

This works fine, and prevents a ‘GENERALUSER’ from accessing the first 3 methods.

However the method GetSurnameAndForename internally calls the GetPerson method, which fails. I understand why it fails, but is there a preferred way to allow GetSurnameAndForename to call GetPerson withouth having the POWERUSER role ?

The only way I can think of doing this, is adding an extra check in the IsInRole method to check the CallStack to see if this call has come from an internal method, or an external call. This solution works, but it’s not very elegant.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T23:33:09+00:00

Editorial Team

2026-05-24T23:33:09+00:00Added an answer on May 24, 2026 at 11:33 pm

Yes there is very easy solution. Wrap the logic offered by GetPerson to private method and call that new method from both GetPerson and GetSurnameAndForename.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I want to keep this as simple as possible, so I’m not posting any

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply