
Authorization


This post is a continuation of the WCF Security post.

Authorization in WCF

Using Impersonation

1. Open the application that you created in the WCF Security post.

2. Let's say the application requires that the user who invokes a method is authorized to make changes to a file or write to a folder. To enforce this, we have to enable authorization. In the previous exercise we used the user user2 to invoke the methods in the service. Let's now check whether user2 is authorized to write to a folder.

3. Change the SubmitReview method in Service project as given below: 

void IProductService.SubmitReview(ProductReview pr)
{
   using (FileStream stream = new FileStream("lastMessage.xml", FileMode.Create, FileAccess.Write))
   {
     DataContractSerializer dcs = new DataContractSerializer(typeof(ProductReview));
     dcs.WriteObject(stream, pr);
   }
   Reviews.Add(pr);
}

4. Run and test the application. It should work now, because the host process's identity (the current user's identity) is used to execute the SubmitReview method. To execute the method under the identity supplied through the client's clientCredentials, so that access is authorized against the Windows access control list (ACL), make the following change to the service implementation:

[OperationBehavior(Impersonation=ImpersonationOption.Required)]
void IProductService.SubmitReview(ProductReview pr)
// method body unchanged from step 3

5. Run and test the application again. Notice that this time it fails. Try granting User2 access to the folder and run the application again.


Using Role Based Authorization

6. Create a user group in your computer and add users to the group. Use the instructions here.  

7. Do the following changes to the service implementation:

        //[OperationBehavior(Impersonation=ImpersonationOption.Required)]
        [PrincipalPermission(SecurityAction.Demand, Role="YourComputerName\\Customers")]
        void IProductService.SubmitReview(ProductReview pr)
        // method body unchanged from step 3


8. Run and test. First, let the client use the identity of a user who is not in the group. Then test with a user who is in the group. If the identity used by the client is not in the group, the call should throw an exception on the client side.

References and Links


Authentication and Authorization in WCF Services - Part 1 - https://msdn.microsoft.com/en-us/library/ff405740.aspx

