WCF Service ASP.NET Authorization Manager

Below sample using the System.ServiceModel ServiceAuthorizationManager and UrlAuthorizationModule from System.Web to provide IIS allow/deny authorization to a WCF Service.

Add the below class,

public class ASPNetAuthorizationManager : ServiceAuthorizationManager
        protected override bool CheckAccessCore(OperationContext operationContext)
            // Get the calling user
            System.Security.Principal.WindowsPrincipal wp = new System.Security.Principal.WindowsPrincipal(ServiceSecurityContext.Current.WindowsIdentity);

            // Use IIS authorization rules
            if (!System.Web.Security.UrlAuthorizationModule.CheckUrlAccessForPrincipal(operationContext.Host.Extensions.Find<System.ServiceModel.Activation.VirtualPathExtension>().VirtualPath, wp, "GET"))
                throw new AddressAccessDeniedException("Access Denied : " + operationContext.Host.Description.Name);

            // If we get to here return true and grant access
            return true;

Register the service behavior in the web.config as below,

        <behavior name="serviceBehavior">
          <serviceMetadata httpGetEnabled="true"/>
          <serviceAuthorization principalPermissionMode="UseWindowsGroups" serviceAuthorizationManagerType="ASPNetAuthorizationManager, MyWCFServices" />

This entry was posted in BizTalk Server. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s