Question

I'm looking for any resources/references/insight/example code you've found/use/can-share that tackle securing WCF services using XACML. Yes I've googled around, and no, not much helpful comes up. There is a severe lack of useful info on this subject out there.

Any of the following you could share would be helpful:

  1. Overview of the basic workflow used when securing WCF with XACML

  2. Example XACML documents used in conjunction with WCF

  3. WCF configuration examples when using XACML

Basically, anything that can serve as a starting point would be extremely helpful!


Solution

The lack of information is probably because there's no out-of-the-box solution that ships with .NET for protecting web services (WCF or WSE) with XACML.

There needs to be some piece of code that intercepts the web service request and checks it against the policy you've defined. You'll have to either build your own solution, or rely on an open source or commercial solution (or a combination of the two - a custom hook into .NET talking to a vendor's PDP - see example here).

Depending on your setup, if you're doing a WS-Trust exchange for authentication you may be able to inject an XACML authorization step as part of that flow; but that would depend on the capability of the token server you're using as well.
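
One way to build the custom hook the answer describes, as an added example that is not part of the original answer or any vendor's code: a WCF `ServiceAuthorizationManager` acting as the policy enforcement point. The PDP URL is a placeholder, and the request and response shapes assume a PDP that accepts the XACML 3.0 JSON profile and returns `Response` as an array.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.ServiceModel;
using System.Text;
using System.Web.Script.Serialization; // assembly System.Web.Extensions

// Deny-biased PEP: only an explicit Permit with no obligations lets the call through.
public class XacmlAuthorizationManager : ServiceAuthorizationManager
{
    // Placeholder URL (assumption); assumed to accept the XACML 3.0 JSON profile.
    private const string PdpUrl = "https://pdp.example.internal/authorize";
    private const string Ns = "urn:oasis:names:tc:xacml:1.0:";

    protected override bool CheckAccessCore(OperationContext context)
    {
        try
        {
            var security = context.ServiceSecurityContext;
            if (security == null || security.IsAnonymous) return false;

            // Subject = authenticated caller, action = SOAP action, resource = endpoint URI.
            var request = new Dictionary<string, object> { { "Request", new Dictionary<string, object> {
                { "AccessSubject", Category(Ns + "subject:subject-id", security.PrimaryIdentity.Name) },
                { "Action", Category(Ns + "action:action-id", context.IncomingMessageHeaders.Action) },
                { "Resource", Category(Ns + "resource:resource-id",
                      context.EndpointDispatcher.EndpointAddress.Uri.AbsoluteUri) } } } };

            var json = new JavaScriptSerializer();
            using (var http = new WebClient { Encoding = Encoding.UTF8 })
            {
                http.Headers[HttpRequestHeader.ContentType] = "application/xacml+json";
                http.Headers[HttpRequestHeader.Accept] = "application/xacml+json";
                string body = http.UploadString(PdpUrl, json.Serialize(request));

                var response = (Dictionary<string, object>)json.DeserializeObject(body);
                var result = (Dictionary<string, object>)((object[])response["Response"])[0];
                // Deny, NotApplicable and Indeterminate all evaluate to false here.
                return (string)result["Decision"] == "Permit" && !result.ContainsKey("Obligations");
            }
        }
        catch (Exception) { return false; } // PDP unreachable or malformed reply: fail closed
    }

    private static object Category(string attributeId, string value)
    {
        return new Dictionary<string, object> { { "Attribute", new[] {
            new Dictionary<string, object> { { "AttributeId", attributeId }, { "Value", value } } } } };
    }
}
```

The class is wired in through the `serviceAuthorizationManagerType` attribute of the `<serviceAuthorization>` service behavior. Obligations are treated as a denial because this enforcement point does not implement any.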

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow