Guys,

When I create a custom role provider by inheriting from RoleProvider, I created a method called public override string[] GetRolesForUser(string username). However, when I try to use this Service Reference all I have access to is GetRolesForCurrentUser(). It works and calls my method behind the scenes OK. As in, GetRolesForCurrentUser passes the current user into my method so it's all good. But what I'm wondering is, is there a way for me to also expose my original method (the one that takes an argument), or am I missing something?

A: 

Well, first off I have to assume some stuff: you are using Username/Password message layer authentication, and a custom role provider for the message layer authorization.

If you are doing this, make sure you secure the Transport layer.

The point of GetRolesForCurrentUser() is that it checks the current thread's Principal user and returns all roles for that user; in that way the user can never impersonate somebody else. The Username/Password must be embedded into the Message headers; this happens automatically in .NET when you set the proxy Credentials on the client.

If the user calling the WCF client was allowed to pass his Username as a parameter, it means the role provider by design will still authenticate the user by the current thread's Principal user and then you would want to authenticate further the user by the Username passed to GetRolesForUser(string username). There is no point, besides some kind of complicated impersonation scheme.

If that is your goal, check out this link

Neil
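
The following is an added example, not part of the answer above and not code from the asker's project. It sketches a hand-written WCF contract that does expose a lookup by username, but takes the caller's identity from the authenticated security context and only lets a caller read another user's roles when the caller holds an administrative role. The contract name `IRoleLookup`, the class `RoleLookup` and the role name `RoleAdmins` are hypothetical, and the code assumes the custom provider is registered as the default `roleManager` provider in the service's configuration.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Web.Security;

[ServiceContract]
public interface IRoleLookup            // hypothetical contract
{
    [OperationContract]
    string[] GetRolesForCurrentUser();

    [OperationContract]
    string[] GetRolesForUser(string username);
}

public class RoleLookup : IRoleLookup   // hypothetical service class
{
    private const string AdminRole = "RoleAdmins"; // hypothetical role name

    // The caller's name always comes from the credentials WCF authenticated,
    // never from anything the client sends as an operation parameter.
    private static string CallerName()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
            throw new SecurityAccessDeniedException("Caller is not authenticated.");
        return ctx.PrimaryIdentity.Name;
    }

    public string[] GetRolesForCurrentUser()
    {
        // Roles.* forwards to the default provider's GetRolesForUser(string).
        return Roles.GetRolesForUser(CallerName());
    }

    public string[] GetRolesForUser(string username)
    {
        if (string.IsNullOrEmpty(username))
            throw new ArgumentException("username is required", "username");

        string caller = CallerName();
        // Assumption: the provider treats user names as case-insensitive.
        bool self = string.Equals(caller, username, StringComparison.OrdinalIgnoreCase);

        // Reading someone else's roles is itself a privileged operation.
        if (!self && !Roles.IsUserInRole(caller, AdminRole))
            throw new SecurityAccessDeniedException("Not allowed to read another user's roles.");

        return Roles.GetRolesForUser(username);
    }
}
```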