WCF Service Security for Authentication and Authorization

Question

Hi! First of all I apologize for my english... As I wrote in title I need to secure my WCF Service. I always used message security mode using ClientCredentialType="Certificate", checking in this way:

<serviceCertificate findValue="cn=abc" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectDistinguishedName"/>
<clientCertificate>
    <authentication certificateValidationMode="PeerTrust"/>
</clientCertificate>

This configuration worked well, but now I need to assign different privileges to the authenticated clients, I need Authorization in other words. Any idea? Thanks, Alberto

Answer 1

Sounds like you're after Roles. Check out this Codeplex Chapter and the Authorization section of the Codeplex WCF Security Guidelines. It provides plenty of details of different scenarios and I found it very useful when setting up WCF services.