SlideShare una empresa de Scribd logo

Implement Role Based Security Using Windows Groups In Wcf

Neeraj Kaushik
Neeraj Kaushik

document entails practical implementation of role based authorization through windos group.

1 de 5
Descargar para leer sin conexión
http://dotnetdlr.com Implement Role based security using Windows Groups in WCF This is third blog on security concept in WCF. You can read previous posts: Something about Security in WCF- I Implement windows authentication and security in WCF Service Today I’ll describe how we can implement role based authorization using Windows Group. In this case you will not need to maintain any information in database because roles are managing through windows group. Step1: Create Windows Group MarketServiceSuperUser in “Windows Users and Groups” in control panel. This group will be treated as roles in application. Step2: Add users to windows Group. In this case user will be member of this group.
http://dotnetdlr.com Step 3: Implement Role based security in Service side. The principal in .NET is any object that implements the IPrincipal interface, defined in the System.Security.Principal namespace: public interface IPrincipal { IIdentity Identity {get;} bool IsInRole(string role); }
http://dotnetdlr.com The IsInRole() method simply returns true if the identity associated with this principal is a member of the specified role, and false otherwise. Programmatic Implementation public double GetMarketPrice(string symbol) { IPrincipal principal = Thread.CurrentPrincipal; if (!principal.IsInRole("MarketServiceSuperUser")) throw new AuthenticationException("Access Denied"); GetServiceContext(); //TODO: Fetch market price //sending hardcode value if (!symbol.EndsWith(".NSE")) throw new FaultException( new ValidationException { ValidationError = "Symbol is not valid" }, new FaultReason("Validation Failed")); //send real price return 34.4d; } Principal object contains caller’s identity and can be check if role is valid for this user. If Client user is not member of windows group then IsInRole will return false. Declarative Implementation Above behavior can also be implemented by PrincipalPermission attribute which take SecurityAction enum and role name. [PrincipalPermission(SecurityAction.Demand, Role = "MarketServiceSuperUser")] public double GetMarketPrice(string symbol) { //sending hardcode value if (!symbol.EndsWith(".NSE")) throw new FaultException(new
http://dotnetdlr.com ValidationException { ValidationError = "Symbol is not valid" }, new FaultReason("Validation Failed")); //send real price return 34.4d; } Step 4: Run Client Application  Run with User which are not member of MarketServiceSuperUser. static void Main(string[] args) { try { Console.WriteLine("Connecting to Service.."); var proxy = new ServiceClient(new NetTcpBinding(), new EndpointAddress("net.tcp://localhost:8000/MarketService")); proxy.ClientCredentials.Windows.ClientCredential.Domain = "domainuser"; proxy.ClientCredentials.Windows.ClientCredential.UserName = "MarketServiceUser"; proxy.ClientCredentials.Windows.ClientCredential.Password = "123456"; Console.WriteLine("MSFT Price:{0}", proxy.GetMarketPrice("MSFT.NSE")); Console.WriteLine("Getting price for Google"); double price = proxy.GetMarketPrice("GOOG.NASDAQ"); } catch (FaultException ex) { Console.WriteLine("Service Error:" + ex.Detail.ValidationError); } catch (Exception ex) { Console.WriteLine("Service Error:" + ex.Message); } Console.ReadLine(); } In above code client will call with user which is member of MarketServiceSuperUser, service will authorize to access resources in service.  Run with User which are not member of MarketServiceSuperUser. proxy.ClientCredentials.Windows.ClientCredential.Domain = "domainuser"; proxy.ClientCredentials.Windows.ClientCredential.UserName = "MarketServiceInvalidUser"; proxy.ClientCredentials.Windows.ClientCredential.Password = "123456"; In this case SecurityAccessDeniedException will generate with “Access Denied” message.
http://dotnetdlr.com I hope this post brief you about implementation of role base security using windows group.

Recomendados

Concurrent Collections Object In Dot Net 4
Concurrent Collections Object In Dot Net 4Concurrent Collections Object In Dot Net 4
Concurrent Collections Object In Dot Net 4
Neeraj Kaushik
 
E valuate brochure
E valuate brochureE valuate brochure
E valuate brochure
Jennifer Pricci
 
El corporate brochure
El corporate brochureEl corporate brochure
El corporate brochure
Jennifer Pricci
 
Press Placement; Tri-Town News (Benefit Concert to Shine Light on Teen Suicide)
Press Placement; Tri-Town News (Benefit Concert to Shine Light on Teen Suicide) Press Placement; Tri-Town News (Benefit Concert to Shine Light on Teen Suicide)
Press Placement; Tri-Town News (Benefit Concert to Shine Light on Teen Suicide)
Jennifer Pricci
 
Edison learning cms_manual
Edison learning cms_manualEdison learning cms_manual
Edison learning cms_manual
Jennifer Pricci
 
Implement Search Screen Using Knockoutjs
Implement Search Screen Using KnockoutjsImplement Search Screen Using Knockoutjs
Implement Search Screen Using Knockoutjs
Neeraj Kaushik
 
Implementation of fix messages for fix 5.0 sp2 and fixt1.1 specification
Implementation of fix messages for fix 5.0 sp2 and fixt1.1 specificationImplementation of fix messages for fix 5.0 sp2 and fixt1.1 specification
Implementation of fix messages for fix 5.0 sp2 and fixt1.1 specification
Neeraj Kaushik
 
No sql
No sqlNo sql
No sql
Neeraj Kaushik
 

Recomendados

Concurrent Collections Object In Dot Net 4
Concurrent Collections Object In Dot Net 4Concurrent Collections Object In Dot Net 4
Concurrent Collections Object In Dot Net 4
Neeraj Kaushik
 
E valuate brochure
E valuate brochureE valuate brochure
E valuate brochure
Jennifer Pricci
 
El corporate brochure
El corporate brochureEl corporate brochure
El corporate brochure
Jennifer Pricci
 
Press Placement; Tri-Town News (Benefit Concert to Shine Light on Teen Suicide)
Press Placement; Tri-Town News (Benefit Concert to Shine Light on Teen Suicide) Press Placement; Tri-Town News (Benefit Concert to Shine Light on Teen Suicide)
Press Placement; Tri-Town News (Benefit Concert to Shine Light on Teen Suicide)
Jennifer Pricci
 
Edison learning cms_manual
Edison learning cms_manualEdison learning cms_manual
Edison learning cms_manual
Jennifer Pricci
 
Implement Search Screen Using Knockoutjs
Implement Search Screen Using KnockoutjsImplement Search Screen Using Knockoutjs
Implement Search Screen Using Knockoutjs
Neeraj Kaushik
 
Implementation of fix messages for fix 5.0 sp2 and fixt1.1 specification
Implementation of fix messages for fix 5.0 sp2 and fixt1.1 specificationImplementation of fix messages for fix 5.0 sp2 and fixt1.1 specification
Implementation of fix messages for fix 5.0 sp2 and fixt1.1 specification
Neeraj Kaushik
 
No sql
No sqlNo sql
No sql
Neeraj Kaushik
 
C-Sharp Arithmatic Expression Calculator
C-Sharp Arithmatic Expression CalculatorC-Sharp Arithmatic Expression Calculator
C-Sharp Arithmatic Expression Calculator
Neeraj Kaushik
 
Bob burgeronlinepresskit
Bob burgeronlinepresskitBob burgeronlinepresskit
Bob burgeronlinepresskit
Jennifer Pricci
 
Z100 clearchannelgeneralcapabilities
Z100 clearchannelgeneralcapabilitiesZ100 clearchannelgeneralcapabilities
Z100 clearchannelgeneralcapabilities
Jennifer Pricci
 
Parallel Programming With Dot Net
Parallel Programming With Dot NetParallel Programming With Dot Net
Parallel Programming With Dot Net
Neeraj Kaushik
 
New Directions in Project Management
New Directions in Project ManagementNew Directions in Project Management
New Directions in Project Management
guestbb073ee
 
Sell your house-patrick_parker_realty
Sell your house-patrick_parker_realtySell your house-patrick_parker_realty
Sell your house-patrick_parker_realty
Jennifer Pricci
 
Multithreading Presentation
Multithreading PresentationMultithreading Presentation
Multithreading Presentation
Neeraj Kaushik
 
How to place orders through FIX Message
How to place orders through FIX MessageHow to place orders through FIX Message
How to place orders through FIX Message
Neeraj Kaushik
 
Futures_Options
Futures_OptionsFutures_Options
Futures_Options
Neeraj Kaushik
 
Linq Introduction
Linq IntroductionLinq Introduction
Linq Introduction
Neeraj Kaushik
 
Quick Fix Sample
Quick Fix SampleQuick Fix Sample
Quick Fix Sample
Neeraj Kaushik
 
DotNet & Sql Server Interview Questions
DotNet & Sql Server Interview QuestionsDotNet & Sql Server Interview Questions
DotNet & Sql Server Interview Questions
Neeraj Kaushik
 
Design UML diagrams
Design UML diagramsDesign UML diagrams
Design UML diagrams
Neeraj Kaushik
 
Design UML diagrams
Design UML diagramsDesign UML diagrams
Design UML diagrams
Neeraj Kaushik
 

Más contenido relacionado

Destacado

C-Sharp Arithmatic Expression Calculator
C-Sharp Arithmatic Expression CalculatorC-Sharp Arithmatic Expression Calculator
C-Sharp Arithmatic Expression Calculator
Neeraj Kaushik
 
Bob burgeronlinepresskit
Bob burgeronlinepresskitBob burgeronlinepresskit
Bob burgeronlinepresskit
Jennifer Pricci
 
Z100 clearchannelgeneralcapabilities
Z100 clearchannelgeneralcapabilitiesZ100 clearchannelgeneralcapabilities
Z100 clearchannelgeneralcapabilities
Jennifer Pricci
 
Sell your house-patrick_parker_realty
Sell your house-patrick_parker_realtySell your house-patrick_parker_realty
Sell your house-patrick_parker_realty
Jennifer Pricci
 

Destacado (7)

C-Sharp Arithmatic Expression Calculator
C-Sharp Arithmatic Expression CalculatorC-Sharp Arithmatic Expression Calculator
C-Sharp Arithmatic Expression Calculator
 
Bob burgeronlinepresskit
Bob burgeronlinepresskitBob burgeronlinepresskit
Bob burgeronlinepresskit
 
Z100 clearchannelgeneralcapabilities
Z100 clearchannelgeneralcapabilitiesZ100 clearchannelgeneralcapabilities
Z100 clearchannelgeneralcapabilities
 
Parallel Programming With Dot Net
Parallel Programming With Dot NetParallel Programming With Dot Net
Parallel Programming With Dot Net
 
New Directions in Project Management
New Directions in Project ManagementNew Directions in Project Management
New Directions in Project Management
 
Sell your house-patrick_parker_realty
Sell your house-patrick_parker_realtySell your house-patrick_parker_realty
Sell your house-patrick_parker_realty
 
Multithreading Presentation
Multithreading PresentationMultithreading Presentation
Multithreading Presentation
 

Más de Neeraj Kaushik

Más de Neeraj Kaushik (7)

How to place orders through FIX Message
How to place orders through FIX MessageHow to place orders through FIX Message
How to place orders through FIX Message
 
Futures_Options
Futures_OptionsFutures_Options
Futures_Options
 
Linq Introduction
Linq IntroductionLinq Introduction
Linq Introduction
 
Quick Fix Sample
Quick Fix SampleQuick Fix Sample
Quick Fix Sample
 
DotNet & Sql Server Interview Questions
DotNet & Sql Server Interview QuestionsDotNet & Sql Server Interview Questions
DotNet & Sql Server Interview Questions
 
Design UML diagrams
Design UML diagramsDesign UML diagrams
Design UML diagrams
 
Design UML diagrams
Design UML diagramsDesign UML diagrams
Design UML diagrams
 

Implement Role Based Security Using Windows Groups In Wcf

  • 1. http://dotnetdlr.com Implement Role based security using Windows Groups in WCF This is third blog on security concept in WCF. You can read previous posts: Something about Security in WCF- I Implement windows authentication and security in WCF Service Today I’ll describe how we can implement role based authorization using Windows Group. In this case you will not need to maintain any information in database because roles are managing through windows group. Step1: Create Windows Group MarketServiceSuperUser in “Windows Users and Groups” in control panel. This group will be treated as roles in application. Step2: Add users to windows Group. In this case user will be member of this group.
  • 2. http://dotnetdlr.com Step 3: Implement Role based security in Service side. The principal in .NET is any object that implements the IPrincipal interface, defined in the System.Security.Principal namespace: public interface IPrincipal { IIdentity Identity {get;} bool IsInRole(string role); }
  • 3. http://dotnetdlr.com The IsInRole() method simply returns true if the identity associated with this principal is a member of the specified role, and false otherwise. Programmatic Implementation public double GetMarketPrice(string symbol) { IPrincipal principal = Thread.CurrentPrincipal; if (!principal.IsInRole("MarketServiceSuperUser")) throw new AuthenticationException("Access Denied"); GetServiceContext(); //TODO: Fetch market price //sending hardcode value if (!symbol.EndsWith(".NSE")) throw new FaultException( new ValidationException { ValidationError = "Symbol is not valid" }, new FaultReason("Validation Failed")); //send real price return 34.4d; } Principal object contains caller’s identity and can be check if role is valid for this user. If Client user is not member of windows group then IsInRole will return false. Declarative Implementation Above behavior can also be implemented by PrincipalPermission attribute which take SecurityAction enum and role name. [PrincipalPermission(SecurityAction.Demand, Role = "MarketServiceSuperUser")] public double GetMarketPrice(string symbol) { //sending hardcode value if (!symbol.EndsWith(".NSE")) throw new FaultException(new
  • 4. http://dotnetdlr.com ValidationException { ValidationError = "Symbol is not valid" }, new FaultReason("Validation Failed")); //send real price return 34.4d; } Step 4: Run Client Application  Run with User which are not member of MarketServiceSuperUser. static void Main(string[] args) { try { Console.WriteLine("Connecting to Service.."); var proxy = new ServiceClient(new NetTcpBinding(), new EndpointAddress("net.tcp://localhost:8000/MarketService")); proxy.ClientCredentials.Windows.ClientCredential.Domain = "domainuser"; proxy.ClientCredentials.Windows.ClientCredential.UserName = "MarketServiceUser"; proxy.ClientCredentials.Windows.ClientCredential.Password = "123456"; Console.WriteLine("MSFT Price:{0}", proxy.GetMarketPrice("MSFT.NSE")); Console.WriteLine("Getting price for Google"); double price = proxy.GetMarketPrice("GOOG.NASDAQ"); } catch (FaultException ex) { Console.WriteLine("Service Error:" + ex.Detail.ValidationError); } catch (Exception ex) { Console.WriteLine("Service Error:" + ex.Message); } Console.ReadLine(); } In above code client will call with user which is member of MarketServiceSuperUser, service will authorize to access resources in service.  Run with User which are not member of MarketServiceSuperUser. proxy.ClientCredentials.Windows.ClientCredential.Domain = "domainuser"; proxy.ClientCredentials.Windows.ClientCredential.UserName = "MarketServiceInvalidUser"; proxy.ClientCredentials.Windows.ClientCredential.Password = "123456"; In this case SecurityAccessDeniedException will generate with “Access Denied” message.
  • 5. http://dotnetdlr.com I hope this post brief you about implementation of role base security using windows group.