Windows Communication Foundation provides tons of methods to
authenticate users and check authorization based on service type, which makes it quite confusing to implement simple forms-based authentication and
role-based authorization for WCF REST 4.0.
Note: This article assumes that the WCF REST service is hosted within an ASP.NET application and shares the same web.config. Make sure that Forms Authentication is enabled in the web.config file.

Something like this:

    [WebGet(UriTemplate = "")]
    [PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
    public List<SampleItem> GetCollection() { /* ... */ }

But even after the user is authenticated using the Membership provider and HttpContext.Current.User.Identity, and the context is available at the service level, the PrincipalPermission attribute always throws a security exception. The reason is that the PrincipalPermission attribute checks System.Threading.Thread.CurrentPrincipal.Identity and not the HttpContext identity.

To solve this problem, we have to create a custom principal and an authorization policy for the WCF service. This policy is then hooked into the WCF REST service using ServiceBehavior.

For detailed code, see my post on codeproject.com, written some time back.
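
The custom principal and authorization policy described above could look like the following sketch. It is an added example, not the code from the CodeProject post. The class names FormsRolePrincipal and HttpContextAuthorizationPolicy and the assembly name MyAssembly are hypothetical, and the code assumes ASP.NET compatibility mode and the ASP.NET role manager are enabled.

```csharp
using System;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical class: a principal whose role checks go to the configured
// ASP.NET role provider (assumes <roleManager enabled="true"> in web.config).
public sealed class FormsRolePrincipal : IPrincipal
{
    private readonly IIdentity identity;
    public FormsRolePrincipal(IIdentity identity) { this.identity = identity; }
    public IIdentity Identity { get { return identity; } }

    public bool IsInRole(string role)
    {
        // Fail closed: an unauthenticated caller never holds a role.
        return identity.IsAuthenticated && Roles.IsUserInRole(identity.Name, role);
    }
}

// Hypothetical class: hands the forms-authenticated ASP.NET user to WCF.
public sealed class HttpContextAuthorizationPolicy : IAuthorizationPolicy
{
    private readonly string id = Guid.NewGuid().ToString();
    public string Id { get { return id; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        // HttpContext.Current is only set when ASP.NET compatibility is on.
        HttpContext context = HttpContext.Current;
        IIdentity caller = (context != null && context.User != null)
            ? context.User.Identity
            : new GenericIdentity(string.Empty); // anonymous, IsAuthenticated == false

        // With principalPermissionMode="Custom", WCF copies this property to
        // Thread.CurrentPrincipal, which is what [PrincipalPermission] demands against.
        evaluationContext.Properties["Principal"] = new FormsRolePrincipal(caller);
        return true; // this policy has nothing further to add
    }
}

// Registration in web.config, inside <behaviors><serviceBehaviors><behavior>:
//   <serviceAuthorization principalPermissionMode="Custom">
//     <authorizationPolicies>
//       <add policyType="HttpContextAuthorizationPolicy, MyAssembly" />
//     </authorizationPolicies>
//   </serviceAuthorization>
```

Because a missing or anonymous context yields a principal with no roles, the Role="Admin" demand on GetCollection is refused for callers without a valid forms authentication cookie.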