I'm trying to allow all users in the Administrators group access through WCF.
internal sealed class AuthorizationManager : ServiceAuthorizationManager
{
public override bool CheckAccess(OperationContext operationContext)
{
base.CheckAccess(operationContext);
ReadOnlyCollection<ClaimSet> claimSets = operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets;
ClaimSet claimSet = claimSets[0];
foreach (var claim in claimSet.FindClaims(ClaimTypes.Sid, Rights.Identity))
{
SecurityIdentifier sid = (SecurityIdentifier)claim.Resource;
NTAccount ntAccount = (NTAccount)sid.Translate(typeof(NTAccount));
//This line throws an error. How can i convert a SecurityIdentifier to a WindowsIdentity?
WindowsIdentity user = new WindowsIdentity(ntAccount.Value);
WindowsPrincipal principal = new WindowsPrincipal(user);
return principal.IsInRole(WindowsBuiltInRole.Administrator);
}
}
}