我有一个带有100多个方法的netTcp的WCF服务绑定,我想保护所有基于Windows用户组的方法。
我知道你可以把属性[PrincipalPermission(SecurityAction.Demand, Role = "MyWindowsUserGroup")]放在每个方法之前。
我是否需要为每一个方法单独执行此操作,或者是否有一种方法可以默认使用同一用户组保护服务中的每个方法?
您可以在类级别和方法级别添加PrincipalPermission。
// Before:
public class AdministrationService : IAdminService
{
[PrincipalPermission(SecurityAction.Demand, Role = "DomainAdmin Service Admins")]
public bool DisableAdministrator(int userId)
{
}
[PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
public bool DeleteAdministrator(int userId)
{
}
}
// After:
[PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
public class AdministrationService : IAdminService
{
public bool DisableAdministrator(int userId)
{
}
public bool DeleteAdministrator(int userId)
{
}
}
如果您希望拥有多种类型的权限,还可以定义它的多个实例。
[PrincipalPermission(SecurityAction.Demand, Role = "Admin Service Admins")]
[PrincipalPermission(SecurityAction.Demand, Role = "DomainDomain Admins")]
[PrincipalPermission(SecurityAction.Demand, Role = "DomainPower Users")]
public class AdministrationService : IAdminService
{
public bool DisableAdministrator(int userId)
{
}
public bool DeleteAdministrator(int userId)
{
}
}