Hi guys,

Assume we have two groups "Admins" and "Users". Admins are able to use any operation available in the service but the users can only use some of them.

Should I add the "Admins" group to every single operation, or will just writing it on top of the class do the trick?

Thanks.

A: 

Multiple RequiresRole attributes are combined with an AND while multiple roles passed to a single attribute are OR'd. In your case, you'll want to OR the attributes ("User" or "Admin") so you'll have to apply "Admin" to every single method.

```csharp
// "Admin" && "User", equivalent to using a class attribute for "Admin"
[RequiresRole("Admin"), RequiresRole("User")]

// "Admin" || "User"
[RequiresRole("Admin", "User")]
```

Kyle McClellan
Thanks for your answer. If I assign every user whether he/she is an admin or not, I won't have to apply the user role attribute to every operation. Right?
Mohammadreza
Well... I don't think so. You might be able to apply "User" at the DomainService level (you must be a User to access anything) and then selectively apply "Admin" on individual operations (you must be a User and an Admin to use those methods). I don't think there's a good way to say "you must be an Admin to use these methods unless I specify something else".
Kyle McClellan
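
The arrangement from the last comment ("User" on the class, "Admin" added on individual operations), as an added example that is not part of the original thread and not framework code. `RequiresRoleAttribute` here is a local stand-in that models only the AND/OR behavior stated in the answer, and `OrderService` and `RoleCheck` are hypothetical names; the program prints an allow/deny line for each operation and caller.

```csharp
using System;
using System.Linq;
using System.Reflection;

// Stand-in for the framework attribute so this compiles on its own (assumption):
// it models only the semantics stated in the answer above.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
sealed class RequiresRoleAttribute : Attribute
{
    public string[] Roles { get; }
    public RequiresRoleAttribute(params string[] roles) { Roles = roles; }
}

// Hypothetical service: "User" gates the whole class, "Admin" is added per operation.
[RequiresRole("User")]
class OrderService
{
    public void GetOrders() { }

    [RequiresRole("Admin")]
    public void DeleteOrder() { }
}

static class RoleCheck
{
    // Every attribute on the class and on the method must pass (AND);
    // one attribute passes if the caller holds any role it lists (OR).
    public static bool IsAllowed(MethodInfo op, params string[] callerRoles)
    {
        return op.DeclaringType.GetCustomAttributes<RequiresRoleAttribute>()
            .Concat(op.GetCustomAttributes<RequiresRoleAttribute>())
            .All(attr => attr.Roles.Any(role => callerRoles.Contains(role)));
    }

    static void Main()
    {
        var callers = new[]
        {
            new { Name = "User only", Roles = new[] { "User" } },
            new { Name = "Admin only", Roles = new[] { "Admin" } },
            new { Name = "User + Admin", Roles = new[] { "User", "Admin" } },
        };
        var flags = BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly;
        foreach (var op in typeof(OrderService).GetMethods(flags))
            foreach (var c in callers)
                Console.WriteLine($"{op.Name,-12} {c.Name,-13} {(IsAllowed(op, c.Roles) ? "allow" : "deny")}");
    }
}
```

The "Admin only" caller is the case to check in a real deployment: with "User" required at class level, an administrator account that is not also in the "User" role fails the class-level check.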