WCF supports three basic authorization approaches:
Role-based: Access to WCF operations is secured based on the role membership of the caller. Roles are used to partition your application's user base into sets of users that share the same security privileges within the application; for example, Senior Managers, Managers, and Employees. Users are mapped to roles, and if the user is authorized to perform the requested operation, the application uses fixed identities with which to access resources. These identities are trusted by the respective resource managers (for example, the database or the file system).
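// Declarative role check (PrincipalPermission is in System.Security.Permissions):
// the call is rejected unless the caller is in the "Admin" role.
[PrincipalPermission(SecurityAction.Demand, Role="Admin")]
public string GetData(int value)
{
    return string.Format("Your Return: {0}", value);
}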
Identity-based: WCF supports an Identity Model feature, which is an extension of role-based authorization. Identity Model enables you to manage claims and policies in order to authorize clients. With this approach, you can verify claims contained within the authenticated users' credentials. These claims can be compared with the set of authorization policies for the WCF service. Depending on the claims provided by the client, the service can either grant or deny access to the operation or resources. Identity Model is useful for fine-grained authorization and is most beneficial when using issued token authentication.
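An added example (not from the original post) of the identity-based approach: a custom `ServiceAuthorizationManager` that compares the caller's claims with a per-operation policy and denies by default. The class name, claim type URI, SOAP actions and the issuer thumbprint placeholder are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.ServiceModel;

// Hypothetical authorization manager; all names and URIs below are constructed.
public class DepartmentAuthorizationManager : ServiceAuthorizationManager
{
    private const string DepartmentClaim = "http://example.org/claims/department";
    // Placeholder: hex thumbprint (no separators) of the token issuer's certificate.
    private const string TrustedIssuerThumbprint = "<TRUSTED-ISSUER-CERT-THUMBPRINT>";

    // Authorization policy: SOAP action -> department the caller must belong to.
    private static readonly Dictionary<string, string> RequiredDepartment =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            { "http://example.org/IPayroll/GetSalary", "HR" },
            { "http://example.org/IPayroll/ApproveRaise", "Finance" }
        };

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        string action = operationContext.IncomingMessageHeaders.Action;
        string required;
        // Deny by default: unlisted operations and anonymous callers get no access.
        if (action == null || !RequiredDepartment.TryGetValue(action, out required)) return false;
        ServiceSecurityContext security = operationContext.ServiceSecurityContext;
        if (security == null || security.IsAnonymous) return false;

        foreach (ClaimSet claimSet in security.AuthorizationContext.ClaimSets)
        {
            if (!IssuedByTrustedIssuer(claimSet)) continue; // ignore claims from other issuers
            foreach (Claim claim in claimSet.FindClaims(DepartmentClaim, Rights.PossessProperty))
                if (string.Equals(claim.Resource as string, required, StringComparison.Ordinal))
                    return true;
        }
        return false;
    }

    // A claim is only as trustworthy as its issuer, so match the issuer's certificate.
    private static bool IssuedByTrustedIssuer(ClaimSet claimSet)
    {
        if (claimSet.Issuer == null) return false;
        foreach (Claim c in claimSet.Issuer.FindClaims(ClaimTypes.Thumbprint, Rights.PossessProperty))
        {
            byte[] thumbprint = c.Resource as byte[];
            if (thumbprint != null && string.Equals(BitConverter.ToString(thumbprint).Replace("-", ""),
                    TrustedIssuerThumbprint, StringComparison.OrdinalIgnoreCase))
                return true;
        }
        return false;
    }
}
```

Attach the manager before the host is opened, either through `ServiceHost.Authorization.ServiceAuthorizationManager` or the `serviceAuthorizationManagerType` attribute of `<serviceAuthorization>` in configuration.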
Resource-based: Individual resources are secured by using Windows access control lists (ACLs). The WCF service impersonates the caller prior to accessing resources, which allows the operating system to perform standard access checks. All resource access is performed by using the original caller's security context. This impersonation approach severely impacts application scalability, because it means that connection pooling cannot be used effectively within the application's middle tier.
In enterprise-level applications where scalability is essential, a role-based or identity-based approach to authorization represents the best choice. For small-scale intranet applications that serve per-user content from resources (such as files) that can be secured with Windows ACLs
NB: Example will be posted later.