
I have a simple WCF Service hosted on IIS 8 that uses wsHttpBinding. I want to be able to control wich users (domain accounts) have access to the service. How can I do that? Perhaps there are several ways to do this. Can I define the accounts in the web.config file or do I set this up in IIS?

È stato utile?


You can use PrincipalPermission to control it.

Check out this answer: WCF security with Domain Groups

And here you can catch up on msdn:

Altri suggerimenti

You could use a Custom Authenticator.

You would need to inherit UserNamePasswordValidator from the System.IdentityModel.Selectors namespace.

Sample from MSDN

 public class ServiceValidator : UserNamePasswordValidator
    public override void Validate(string userName, string password)

        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(password))
            throw new SecurityTokenException("Username and password required");
            if (Authenticate(userName, password))
                // no need to do anything else if authentication was successful. the request will be redirected to the correct web service method.
                throw new FaultException("Wrong username or password ");

Web.config for the server:

    <behavior name="SomeServiceBehavior">
      <serviceMetadata httpGetEnabled="true" />
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyApp.ServiceValidator, MyApp"  />
        <serviceCertificate findValue="CertificateNameHere" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" />

<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <binding name="RequestUserName">
      <security mode="Message">
        <message clientCredentialType="UserName" />

This is the basics for what you will have to implement. You could then in your Authenticate/Authorize method restrict which users should be allowed to make calls to the web service methods.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top