.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

can't get role based authorization to work

Posted By:      Posted Date: September 14, 2010    Points: 0   Category :WCF
My problem is that my service will not start regardless of what I put in the Role demand.  I even try "BUILTIN\Users" or "Users". Basically, there is absolutely no scenario where the out of the box WCF functionality actually works.  So what magic do I have to do to enable Authorization to check if the authenticated identity has a specific domain group membership? <system.serviceModel> <bindings> <netTcpBinding> <binding name="RBSync" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536"> <reliableSession ordered="true" enabled="true" /> <security mode="Transport"> <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/> </security> </binding> </netTcpBinding> </bindings> <client /> <behaviors> <serviceBehaviors>

View Complete Post

More Related Resource Links

Authorize It: Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager


Authorization Manager in Windows Server 2003 represents a significant improvement in the administration of role-based security, making it more scalable, flexible, and easier to implement. Using Authorization Manager, you can define roles and the tasks those roles can perform. You can nest roles to inherit characteristics from other roles, and you can define application groups. In addition, Authorization Manager lets you use scripts to modify permissions dynamically, and it allows you to wrap your security logic in a security policy that can be stored in Active Directory. Authorization Manager also includes an easy-to-use API for running access checks. The author discusses all of these topics and demonstrates them with a working sample.

Keith Brown

MSDN Magazine November 2003

require guideline for 'Role-based authentication/authorization'



In my asp.net website in VS-2005 with SQL-Server 2005 as db, I need to implement role-based Authentication/Authorization.

I am familiar to the practises used in role-based authentication..as I have previously worked on projects that used this method. However, my project lead used to design the database. Now I have an existing website where authentication has been set to anonymous by setting 'allow users="?"' in the authentication tags in web.config.

If I use the createUserWizard control and use the Membership.creatUser(.....) method in code behind will the asp.net security tables, like users, roles, userinrole etc get created on its own? Can anyone please give the proper steps on how to acheive this?

ASP.net role based authorization using froms authentication fails


Hi Dot Net Gurus,

I am trying to implement a simple role based authorization using forms authentication in ASP.net. It works perfectly fine in my local system but fails when I deploy in production (shared hosting). Whenever I try to log in, rather than taking me to the default page in specified directory it throws me back to the login page. I suspect that there is some issues with the configuration but not sure where the problem is. The code is provided below:

Web.config (root):

<authentication mode="Forms">
	<forms name="userId" loginUrl="Login.aspx" defaultUrl="Default.aspx" path="/" timeout="240" requireSSL="false" />

Web.config (Member directory):

            <allow roles="Member" />
            <deny users="*" />


    protected void btnLogin_Click(object sender, ImageClickEventArgs e)
        String email = "";

Problem making Role based Menu in MVC application



 I want to make Rolebase menu in MVC such that if user doesnot have permission for some action then that Action name shouldnot be shown in the Menu.

 I have used the code in the url(http://forums.asp.net/t/1566328.aspx) in my MVC application.My application is a Discussion Forum(in MVC) same functionality as in this forum forums.asp.net

 I have used Controllers for post, thread etc.In each controller there are some actions that are using [Authorize(Roles)] attribute

 but this coding does not count  those Actions in Controllers having Authorize attribute according to the url http://forums.asp.net/t/1566328.aspx 

 In the code, Authorize attribute is applied to Controller class, but my requirement is of Applying Authorize attribute to some actions in controller so that some are available for all users and  some links are available rolewise.Now what is the solution for that?



Claims-Based Apps: Claims-Based Authorization with WIF


Over the past few years, federated security models and claims-based access control have become increasingly popular. Platform tools in this area have also come a long way. Windows Identity Foundation (WIF) is a rich identity model framework designed for building claims-based applications and services and for supporting active and passive federated security scenarios.

Michele Leroux Bustamante

MSDN Magazine November 2009

Test-Driven Design: Using Mocks And Tests To Design Role-Based Objects


Use Test-Driven Development with mock objects to design object oriented code in terms of roles and responsibilities, not categorization of objects into class hierarchies.

Isaiah Perumalla

MSDN Magazine June 2009

Service Station: Authorization In WCF-Based Services


Windows Communication Foundation (WCF) provides an easy role-based system and a more powerful and complex claims-based API for implementing authorization in services.

Dominick Baier and Christian Weyer

MSDN Magazine October 2008

Security: Unify the Role-Based Security Models for Enterprise and Application Domains with .NET


Role-based security allows administrators to assign access permissions to users based on the roles they play rather than on their individual identities. These privileges can be used to control access to objects and methods, and are easier to identify and maintain than user-based security. The .NET Framework provides two role-based security models, which are exposed as two namespaces: System.Enterprise-Services and System.Security.Permissions. Presented here is a comparison of the two options and a discussion of when each is the right choice. The author also demonstrates the process involved in setting up access security and discusses role memberships.

Juval Lowy

MSDN Magazine May 2002

How in web.config work in MVC



I would like to secure any URL below the http://MyServer/Admins and limit it to a specific role.

In webforms it was straight forward. I just put a child web.config in the /Admin/ folder and add <authorization>  <allow roles> tags to it.

How would be the equivalent technique in MVC?

Thank you,


Getting filtered data from Role based SSAS security

Hi everyone,I've got a heap of reports that are based on various SSAS cubes. I have roles defined on these cubes that restrict data via certain dimensions. Question is, will these restrictions filter through to the report...ie, if I have a sales person restricted in the SSAS cube to only see sales against their territory (restricted in the Territory dimension), when they run the report will it filter the result based on their SSAS credentials and only show the data they have access to (even though the SSRS report has no direct filters or parameters applied)?Cheers for any help!!

How well does SharePoint REALLY work and play with an RODC-based AD environment?

We are running into a host of interesting little problems getting SharePoint Foundation 2010 to work and play well in a DMZ where its only access to Active Directory is through a read-only domain controller (RODC).  Our SharePoint server is on the DMZ, along with an RODC, while our database server is on our internal network, along with our main AD domain controllers. The SharePoint Configuration Wizard simply WOULD NOT complete successfully until we set up a temporary firewall rule that granted the SharePoint full access to AD.  At that point, we could successfully run the SharePoint and SharePoint Farm configuration wizards, and create a site collection, identifying two domain users as site collection admins.  After we turned off the firewall rule, once again restricting the server to AD access via the RODC, we could create and access SharePoint sites just fine, so long as the users involved were the two identified as site collection administrators. However, when I tried to create a new SharePoint site group and identify a third domain user as the group owner, or add a new user to one of the existing SP site groups, or even just grant site-level permissions directly to a domain user (other than the two site collection admins), the user name would not resolve.  I suspect that the site admins resolve okay because SharePoint already has them cached in it

Sharepoint 2010 with role-based asp.net security


I have a Sharepoint 2010 (forms authentication) site on windows server 2008 with asp.net role-based security. At the highest level i have document libraries with folders within each as shown below.

> Doc Lib 1

>> Sub folder 1

>> Sub folder 2

> Doc Lib 2

>> Sub folder 1

>> Sub folder 2

Sub folder 1 and sub folder 2 are the same within each document library.

I want to be able to use asp.net roles to restrict users access to the document library. For example, user 1 should only be able to access sub folder 1 within doc lib 1. I'm not sure how i should go about configuring the roles.

I have created role1 for access to doclib1 and role2 for doclib2. In addition i also have roleA for access to subfolder1 and roleB for access to subfolder2. I have assigned the roles the libraries and folders. To user 1, i have assigned : role1 and role A. I expect that user1 should only see doclib1 and within it subfolder1. But that isn't the case.

How do i achieve my desired results?

Report Model based on Analysis Services Cube doesn't work


Hi all,

I am working in BIDS and would like to create a Report Model based on a cube.

Creating a Data Source based on SSAS goes well, but when I want to make a Data Source View, the earlier created Data Source doesn't show up, which is necessary for the final resulting Report Model.

Could somebody help me out in solving this issue? (And also tell me why this is issue is rising?)


SQL Server 2008 & BIDS 2008 (Version 9.0.3x)

Authorization Manager (AzMan) as role provider with Windows integrated authentication in SharePoint


Hi all,

First I will describe my environment: Windows Server 2008 R2 x64, IIS 7, SQL Server 2008 and MOSS 2007 Enterprise Edition SP2 x64.

I am trying to setup SharePoint 2007 portal to use Windows integrated authentication with Authorization Manager (AzMan) as role provider.

I have set up an authorization store and defined a set of roles in there. Further I configured the web.configs of my SharePoint environment to use AzMan as role provider.

In IIS I see the roles appearing, but unfortunately those roles are not available in my SharePoint portal. I also see notification in IIS stating that Forms authentication has to be used

What should I do to configure it correctly? Is it even possible to use AzMan with Windows authentication in SharePoint 2007?

Thanks in advance.

With kind regards,




How to implement Context based Authentication/Authorization?



We all aware of Role based security in ASP.NET. Above to that, I want to apply some business rules for authorization. These business rules are subjected to change dynamically.
Ex: Print option is available between 9am To 12pm, for Adminstrators.

I can control access to print option available for only for Administrators using Role-based authrozation. But here "9 am - 12pm" rule is my business context.

Need authorize the use action based on this context.
My target is to implement this without changing in Code - rebuild and deploy the DLLs.

I heard a copncept of XACML (eXtensible Access Control Markup Language). Seems this approch cann address my requirement.

I am using ASP.NET 4.0, SQL Server 2008, IIS 7, Windows 2008 Server.

Please provide the below information...
1. Is this approch supported by Microsoft?
2. Is there any open source implementaitons in .NET?
3. How Windows Identity Foundation relates to this?

Please share, if there is any work-around for Context based Authorization in .NET.
Thank you in Advance.


Making Claims based authentication work with multi-tenant environment in SP 2010


Does anybody know of a guide or reference for setting up hosting in a multi tenant where authentication happens in claims based mode?


We have a setup where our clients are hosted on a single web application under different site collections. And we use forms authentication where user of a particular site collection gets authentication using the respective database. We now want to use claims based authentication and out-of-the-box multi-tenancy of SP 2010. We can setup site collections and site groups, but how do we implement claims based authentication in an env like this?

My custom role provider doesn`t work


Hi guys.

Have a little problem. I`ve developed my custom role provider to have my implementation of it logic. But during the process i have a problem with this.

I implemented class CustomRoleProvider:

namespace CSSA
    public class CustomRoleProvider : RoleProvider
        public override string ApplicationName
            get { return "xxx"; }
            set { }

        /// <summary>
        /// Add roles to users.
        /// </summary>
        /// <param name="usernames">list of member which need to accept roles</param>
        /// <param name="roleNames">The list of role, which will be apply to user List</param>
        public override void AddUsersToRoles(string[] usernames, string[] roleNames)
            throw new NotImplementedException();

        public override void CreateRole(string roleName)


        public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
            return true;

        public override string[] FindUsersInRole(string roleName, string usernameToMatch)
            throw new NotImplementedException();

        public override string[] GetAllRoles()
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend