Hi,
AzMan is a great Windows authorization provider. And, from my understanding, WCF is capable of supporting any type of authorization provider.
My question is: how could the two be integrated? For example, ASP.NET provides an implicit AzMan membership provider. I would like to do the same with WCF, I mean, get a hold on my AzMan groups & roles directly from the ServiceSecurityContext, or better, use it declaratively in .config files, just like ASP.NET.
However, the WCF doc is not finished and lacks some important points so far. I am a bit lost between all possibilities (legacy, permissions, behaviors, tokens, XSI, etc...).
So any help / sample / direction would be appreciated :-)

WCF & AzMan (Authorization Manager).
scoman81
All right. I found the sample, it's called "Role Provider". The interesting part (the link between ASP.NET & Indigo) is this:

    using (ServiceHost serviceHost = new ServiceHost(typeof(MyService), baseAddress))
    {
        serviceHost.Credentials.UserNamePassword.MembershipProvider = new MyMembershipProvider();
        serviceHost.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.UseAspNetRoles;
        ...

So we can replace MyMembershipProvider by the AzMan provider, I think.
Cool.
Thanks.
Steve Graber
Hi Pablo,
Thanks for your answers :-)
I thought about it but I see two problems. The first is sometimes you don't want to carry over System.Web and everything it references with you. Well, that's more an architectural point of view.
Now, the second is: without being backed up by a real web app, I don't see how ASP.NET membership providers could play a role in implicit authentication & authorization, for any .NET application.
I mean, to me, ASP.NET authorization is based on ASP.NET authentication which is triggered by the web host (IIS or other) authentication. Do you think that adding <system.web> and sub elements will just work magically?
bala_excel
Hi
WCF uses Membership API when it is configured in the app.config of the service.
There is an AzMan membership / roles provider that you can download (Search MSDN for it, there is an article about it).
Then, your WCF service will validate users against AzMan.
Jubber
http://codebetter.com/blogs/sam.gentile/archive/2006/05/26/145540.aspx
However, if you want simple role-based checking, you can set it all up using the config file and then just use the PrincipalPermission attribute on your service methods to make demands for membership of AzMan roles. Set up the config file as follows:
1. Set the behaviour to use ASP.NET roles:
    <services>
      <service name="YourImplementationClass"
               behaviorConfiguration="MyBehaviour">
        <!--Endpoints defined in here-->
      </service>
    </services>
    <behaviors>
      <behavior
          name="MyBehaviour"
          returnUnknownExceptionsAsFaults="false" >
        <serviceAuthorization principalPermissionMode="UseAspNetRoles" />
      </behavior>
    </behaviors>
2. Configure ASP roles to use AzMan:
    <connectionStrings>
      <add name="AuthorizationServices" connectionString="msxml://~/AzManStore.xml" />
    </connectionStrings>
    <system.web>
      <!--Set the ASP role manager to use AzMan-->
      <roleManager
          enabled="true"
          cacheRolesInCookie="true"
          cookieName="MyAppCookieName"
          defaultProvider="AuthorizationStoreRoleProvider">
        <providers>
          <clear />
          <add connectionStringName="AuthorizationServices"
               applicationName="MyAppName"
               cacheRefreshInterval="5"
               scopeName=""
               name="AuthorizationStoreRoleProvider"
               type="System.Web.Security.AuthorizationStoreRoleProvider" />
        </providers>
      </roleManager>
    </system.web>
This works fine for me running the service under a Windows Forms app (on 2k3 and XP). I am trying to get it running as a Windows Service presently and it is being troublesome however.
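
The PrincipalPermission demands described in the post above could look like this on a service class hosted with principalPermissionMode="UseAspNetRoles". This is an added example, not code from the thread; the contract IOrderService and the role names "Manager" and "Clerk" are hypothetical and must match roles defined in the AzMan store.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;
using System.Threading;

// Hypothetical contract for illustration only.
[ServiceContract]
public interface IOrderService
{
    [OperationContract]
    void ApproveOrder(int orderId);

    [OperationContract]
    string GetOrderStatus(int orderId);
}

public class OrderService : IOrderService
{
    // Declarative check. With UseAspNetRoles, WCF sets Thread.CurrentPrincipal
    // to a principal backed by the configured role provider, so this demand is
    // answered from the AzMan store. A failed demand throws SecurityException
    // before the method body runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "Manager")]
    public void ApproveOrder(int orderId)
    {
        Console.WriteLine("Order {0} approved by {1}",
            orderId, Thread.CurrentPrincipal.Identity.Name);
    }

    // Imperative check. Same role lookup, usable when the decision depends on
    // runtime data. Denies by default when no allowed role matches.
    public string GetOrderStatus(int orderId)
    {
        IPrincipal principal = Thread.CurrentPrincipal;
        if (!principal.IsInRole("Manager") && !principal.IsInRole("Clerk"))
        {
            throw new SecurityException("Caller is not in a role allowed to read orders.");
        }
        return "Pending"; // constructed placeholder result
    }
}
```

WCF reports the SecurityException to the caller as an access-denied fault, which a WCF client sees as SecurityAccessDeniedException. With cacheRefreshInterval="5" as in the configuration above, a role change made in the AzMan store can take up to five minutes to affect these checks.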
Damien Morton
Hi,
To me, the "membership API" you talk about is only related to ASP.NET, not to the .NET Framework in general. I mean the <membership> config element is a child element of ASP.NET <system.web> configuration, not the general <configuration>.
So, while I can see how I can use the AzMan ASP.NET membership provider (its name is "RoleManagerAzManProvider") in an ASP.NET application using WCF, I don't see where all this fits in a non ASP.NET WCF application (service, console, etc...)
Or am I missing something here? :-)
NitinAgarwal
The membership provider code works outside of ASP.NET.
I believe that we have a membership provider sample in the SDK samples.
JBlackburn__
Does using WCF eliminate the need to do Interop with AzMan? As said in
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000019.asp
"To use AzMan BizRules, you need to use COM interop."
Do you get WCF with framework 3.0?
Benke
Hi Simon,
Although membership is part of the System.Web namespace, you can use it in any application without problems. I mean, you can add the "<system.web>" section to a Winform application and it will work ok.
Regards
Pablo.