Hello,

I have a client/server project, communicating with WCF (Named Pipes for now, but that can change - but I cannot use IIS). This project is integrated with Active Directory.

This program is designed to give permissions to users who normally don't have them, by acting as a sort of proxy. The user uses the client to "request" a task to be performed. The server then performs the task for the client, as long as certain criteria are met.

One of these criteria is that the user is allowed to request this task. I need a way for my WCF service to guarantee the identity of the user, compare it to a database, and either perform the task, or deny the task.

How would I use Windows Authentication to guarantee 100% that the user is who they say they are?

Thanks in advance,

Mike

A: 

The only allowed type of authentication for Named Pipes is Windows Authentication (scroll down to netNamedPipeBinding). You can do the impersonation declaratively, for example ...

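using System.Security.Principal;   // WindowsIdentity
using System.ServiceModel;         // OperationBehavior, ImpersonationOption

[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public string GetData(int value)
{
    // While impersonating, GetCurrent() returns the caller's identity
    // instead of the account the service is running under.
    return string.Format("Hi, {0}, you have entered: {1}",
                         WindowsIdentity.GetCurrent().Name, value);
}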

Once you have the identity, you know that Windows has properly authenticated this user and you can check that identity against what you have in your DB.

JP Alioto
Is the impersonation code required? I actually need to perform the task as a completely different user than the one requested. Just need to check their credentials against my database before continuing. Would this do that?
Mike Christiansen
You only need the impersonation to get the identity of the caller. If you get the current Windows Identity without impersonating, you will get the identity of the account under which the service is running. You only need to check, get the name and return the name from your method. You don't have to do the work in the method that impersonates the caller (in fact, that's what you don't want to do).
JP Alioto
A: 

You can create a custom ServiceAuthorizationManager and implement the validation against your user db in CheckAccessCore.

See How to: Create a Custom Authorization Manager for a Service.

Remus Rusanu
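
The custom authorization manager described in the answer above, as an added example (not code from either answer or from the linked article). `ITaskPermissionStore` and `DbAuthorizationManager` are hypothetical names standing in for the database lookup; the check reads the caller's Windows identity from the security context and denies by default.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical abstraction over the user database from the question:
// answers whether a given account SID may request a given WCF action.
public interface ITaskPermissionStore
{
    bool IsAllowed(string action, SecurityIdentifier callerSid);
}

public sealed class DbAuthorizationManager : ServiceAuthorizationManager
{
    private readonly ITaskPermissionStore _store;

    public DbAuthorizationManager(ITaskPermissionStore store)
    {
        if (store == null) throw new ArgumentNullException("store");
        _store = store;
    }

    // Called by WCF before each operation is dispatched.
    // Returning false rejects the call with an access-denied fault.
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        ServiceSecurityContext security = operationContext.ServiceSecurityContext;
        if (security == null || security.IsAnonymous) return false;

        // Identity established by the transport's Windows authentication.
        WindowsIdentity caller = security.WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated || caller.IsAnonymous
            || caller.IsGuest || caller.User == null)
            return false;

        // The SOAP action identifies which operation (task) is being requested.
        string action = operationContext.IncomingMessageHeaders.Action;
        if (string.IsNullOrEmpty(action)) return false;

        // Match on the SID rather than the display name: account names can be
        // renamed or reused, while the SID stays bound to one account.
        return _store.IsAllowed(action, caller.User);
    }
}

// Wiring on a self-hosted service (no IIS), before host.Open():
//   host.Authorization.ServiceAuthorizationManager = new DbAuthorizationManager(store);
```

Because the manager only decides allow or deny, the operation itself can go on to run the task under whatever account the service uses for it.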