alexanderzeitler.com - WCF Web API: Role based access control with basic authentication

WCF Web API: Role based access control with basic authentication | Alexander Zeitler

Alexanderzeitler.com Spined HTML

WCF Web API: Role based wangle tenancy with vital hallmark | Alexander Zeitler Toggle navigation Home Feed WCF Web API: Role based wangle tenancy with vital hallmark Written on August 24, 2011 Authenticating users with WCF Web API using vital hallmark is a worldwide use case. Yet this does not unchangingly fit all needs -- sometimes you may want to requite users wangle to resources based on the roles they vest to. We want to proceeds users role based wangle to resources by attributing the resource matriculation with a RolesAttribute: [AttributeUsageAttribute(AttributeTargets.Class)] public matriculation RolesAttribute :Symbol{ readonly string _roles; public RolesAttribute(string roles) { _roles = roles; } public string Roles { get { return _roles; } } } Thus, our contacts resource matriculation could squint like this: [ServiceContract] [Roles("Admins")] public matriculation ContactsResource { [WebGet(UriTemplate = "")] public HttpResponseMessage<List<Contact>> Get(HttpRequestMessage request) { return new HttpResponseMessage<List<Contact>>( new List<Contact>() { new Contact() { Id= Guid.NewGuid(), Name = "Alexander Zeitler" } }); } } Now we need to verify that the authenticated user is in the neccessary roles for our contacts resource. This is washed-up by the use of an HttpOperationHandler. public matriculation RoleRequestHandler : HttpOperationHandler<HttpRequestMessage, HttpRequestMessage> { readonly IRoleRepository _roleRepository; public RoleRequestHandler(IRoleRepository roleRepository) : base("request") { _roleRepository = roleRepository; } public override HttpRequestMessage OnHandle(HttpRequestMessage request) { var userRoles = _roleRepository.GetRolesForUser(Thread.CurrentPrincipal.Identity.Name); var operationContext = OperationContext.Current; var serviceType = operationContext.Host.Description.ServiceType; var symbol = (serviceType.GetCustomAttributes(typeof(RolesAttribute),false)).FirstOrDefault(); if (null != attribute) { var rolesAttribute = symbol as RolesAttribute; var roles = rolesAttribute.Roles.Split(",".ToCharArray()).ToList(); if (roles.Where(r => r.Any(u => userRoles.Contains(r))).Count() > 0) { return request; } else { throw new HttpResponseException( new HttpResponseMessage( HttpStatusCode.Unauthorized, "You're not in the required roles.")); } } return request; } } First, we're retrieving the the roles the authenticated (through vital auth) user belongs to. Then, the type of the requested resource is read from the currents operation context description. After this we try to get the roles symbol from the resource matriculation type and finally trammels if the users matches at least one of these roles specified in the attributed contacts resource. If this is the case, the request is forwarded to the contacts resource. Otherwise we throw an exception containing a 401 unauthorized status lawmaking and a comprehensive reason phrase. To wire things up, we need to assign our request handler to our configuration: configuration .AddRequestHandlers(c => c.Add( new RoleRequestHandler( container.Resolve<IRoleRepository>())), (s, o) => true); Next step should be wangle tenancy at method level - lets see if I can handle this ;-) I'll alimony you up to date... Please enable JavaScript to view the comments powered by Disqus. Copyright © Alexander Zeitler 2003 - 2016 | Impressum