具有角色的 WCF PrimaryPermission，为子方法进行配置

发布于 2024-11-30 14:15:10 字数 730 浏览 0 评论 0原文

我想让它尽可能简单，所以我不会发布任何代码，因为它可能只会让事情变得混乱。

我已经使用 WCF 基于角色的授权在我的应用程序中实现了安全性。

假设我公开的接口上有 4 个方法

GetPerson
DeletePerson
UpdatePerson
GetSurnameAndForename

我已将附加

[PrincipalPermission(SecurityAction.Demand,Role="POWERUSER")]

到前 3 个方法，将

[PrincipalPermission(SecurityAction.Demand,Role="GENERALUSER")]

附加到最后一个方法。

这工作得很好，并且可以防止“GENERALUSER”访问前 3 个方法。

但是，方法 GetSurnameAndForename 在内部调用 GetPerson 方法，该方法失败。我明白为什么它会失败，但是有没有一种首选方法可以允许 GetSurnameAndForename 在没有 POWERUSER 角色的情况下调用 GetPerson ？

我能想到的唯一方法是在 IsInRole 方法中添加额外的检查来检查 CallStack 以查看此调用是否来自内部方法或外部调用。这个解决方案有效，但不是很优雅。

原文

I want to keep this as simple as possible, so I'm not posting any code,as it will probably just confuse things.

I have implemented security in my application using WCF's role based authorisation.

Assume that I have 4 methods on my publicly exposed interface

GetPerson
DeletePerson
UpdatePerson
GetSurnameAndForename

I have attached the

[PrincipalPermission(SecurityAction.Demand,Role="POWERUSER")]

to the first 3, and the

[PrincipalPermission(SecurityAction.Demand,Role="GENERALUSER")]

to the final one.

This works fine, and prevents a 'GENERALUSER' from accessing the first 3 methods.

However the method GetSurnameAndForename internally calls the GetPerson method, which fails. I understand why it fails, but is there a preferred way to allow GetSurnameAndForename to call GetPerson withouth having the POWERUSER role ?

The only way I can think of doing this, is adding an extra check in the IsInRole method to check the CallStack to see if this call has come from an internal method, or an external call. This solution works, but it's not very elegant.

分享到QQ

分享到微博