1

我有一个netTcp包含 100 多种方法的 WCF 服务绑定,我想保护基于 Windows 用户组的所有方法。

我知道您可以将属性放在[PrincipalPermission(SecurityAction.Demand, Role = "MyWindowsUserGroup")]每个方法之前。

我是否需要为每个方法单独执行此操作,或者有没有办法让服务中的每个方法默认使用同一个用户组进行保护?

4

1 回答 1

1

您可以PrincipalPermission在类级别和方法上添加。

// Before:
public class AdministrationService : IAdminService
{
   [PrincipalPermission(SecurityAction.Demand, Role = "Domain\Admin Service Admins")]
   public bool DisableAdministrator(int userId)
   {
   }

   [PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
   public bool DeleteAdministrator(int userId)
   {
   }
}

// After:

[PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
public class AdministrationService : IAdminService
{
   public bool DisableAdministrator(int userId)
   {
   }

   public bool DeleteAdministrator(int userId)
   {
   }
}

如果您希望拥有多种类型的权限,您还可以定义它的多个实例。

[PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
[PrincipalPermission(SecurityAction.Demand, Role = "Domain\Domain Admins")]
[PrincipalPermission(SecurityAction.Demand, Role = "Domain\Power Users")]
public class AdministrationService : IAdminService
{
   public bool DisableAdministrator(int userId)
   {
   }

   public bool DeleteAdministrator(int userId)
   {
   }
}
于 2015-07-12T08:09:31.097 回答