WCF Services Authorisation to a service function without membership provider

Question

I've a WCF service which uses UserNamePasswordValidator for authantication. I check the username and password. If it is ok, then I allow to access service call.

class CustomUserNameValidator : UserNamePasswordValidator
{
    WebServiceDM entity = new WebServiceDM();

    public override void Validate(string userName, string password)
    {

        string encrypted = CryptographyManager.EncryptSymmetric(password);



        Kullanici _user = entity
                          .Kullanici
                          .FirstOrDefault(h => h.Username == userName && h.Password == encrypted);



        if (_user == null || _user.Username == "")
        {
            //Invalid User ...
            throw new Exception("Username and password failed");
        }


    }

}

Now I need a function based Authorisation like PrincipalPermission. But in this case, I don't have any Membership provider.

[ServiceContract]
public interface IEglenceServices
{

    [OperationContract]
    List<EGLENCEBEYAN> GetEglenceBeyan(int yil);

}

So what can I do for this case ?

Answer 1

To wire in a custom principal permission, you can use a custom IAuthorizationPolicy implementation. See http://leastprivilege.com/2007/08/08/custom-principals-and-wcf/ for an example.