Related to this question, I've got a custom UserNamePasswordValidator that logs in to our internal API. As part of this logging-in, I can discover the user's roles in our system.
I'd like to later use these in PrincipalPermissionAttribute demands on the service methods, e.g.:
[OperationContract]
[PrincipalPermission(SecurityAction.Demand, Role = "System Administrator")]
public string HelloWorld()
{ /* ... */ }
I think it can't because you need to create custom Principal. The reason why I think you can't do it in the validator is because I read somewhere that the validator runs in different thread than operation context. I have never checked it but lets assume it really does. Based on this assumption Principal set in the validator will not be used in WCF operation. You have to create custom autorization or custom role provider.