.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

WCF authentication/authorization model question

Posted By:      Posted Date: September 25, 2010    Points: 0   Category :WCF

Hello community

I'm building a SOA application, wcf services and RESTFull asp.net/java clients. I want to authorize/authenticare each client and be able to authorize/authenticate users of each client. example :

  • there are 10 servies running under the main application.
  • company A is authorized to use 5 services.
  • company A users has 3 diffrent group and will access diffrent class/functions within the services proviced for company A.

I want to use webhttpbinding for RESTfull support and Ajax calls(jquery since i'll have java client aswell) along with authentication.

is that even possible to authorize client/users on a wsHttp or basicHttp binding and let them use webhttpbinding in another service with role provider or declarative  authorization?  can anyone suggest me what sort of authorization/authentication combination model shall I use?

View Complete Post

More Related Resource Links

require guideline for 'Role-based authentication/authorization'



In my asp.net website in VS-2005 with SQL-Server 2005 as db, I need to implement role-based Authentication/Authorization.

I am familiar to the practises used in role-based authentication..as I have previously worked on projects that used this method. However, my project lead used to design the database. Now I have an existing website where authentication has been set to anonymous by setting 'allow users="?"' in the authentication tags in web.config.

If I use the createUserWizard control and use the Membership.creatUser(.....) method in code behind will the asp.net security tables, like users, roles, userinrole etc get created on its own? Can anyone please give the proper steps on how to acheive this?

Client object model Authentication.

  Sorry for my bad english. With WPF, I can get authentication using below code             ClientContext clientContext = new ClientContext("URL");             clientContext.AuthenticationMode = ClientAuthenticationMode.Default;             NetworkCredential credential = new NetworkCredential("ID", "PASSWORD", "URL");             clientContext.Credentials = credential; But with silverlight, I can't find AuthenticationMode property with ClientContext.   I want to get authentication using client object model with silverlight. Can anybody help me?   thanks!!   

Using ONLY User Certificates for SharePoint 2010 Authentication/Authorization

  Hello, I am relatively new to SharePoint, and was wondering how I can accomplish using only user certificates to authenticate (and eventually authorize) access to the SharePoint 2010 Server (not just IIS). My Environment currently looks like this:  - SharePoint is SSL-enabled - User Browser Certificates (generated using OpenSSL) successfully authenticate to the IIS Server - SharePoint uses Basic Authentication (user/password based on AD credentials) I need to: - Authenticate the user to SharePoint using the User Certificate from my browser (in other words, no password authentication to access the SharePoint website, but use the certificate that was used by iis to be able to log into SharePoint) I am assuming I must use some sort of claims-based authentication.  Ideally, I would like to use ONLY the certification itself as a source of Authorized Repository for authentication. However, I am also open to having the user certificate be linked to Active Directory users as well.  I have done some research on this but am still lost as to how to approach this problem. Is there anyone that has done this or can assist me in getting this to work? Any help would be greatly appreciated. Thanks!  

WCF IP authentication / authorization

I need to secure my WCF web service.  I wish to only allow messages coming from a certain IP to make calls to my web services.  Is there a way to detect the client's IP address and permit or not permit the message call to be made from the web service level?  What would be the best way of doing this? I cannot use IIS to filter out IP's because my web service sits behind a reverse proxy so all traffic hitting the web server has the same IP address.  Thanks DW

WCF Custom Authentication and Authorization

Hi, I'm porting a recently developed asmx service to a WCF service. We have used WSE3.0 UsernameToken authentication for the asmx service. The service authenticates the username and password against AD and then gets a list of things the account can do for authorization. I'm trying to do this with WCF. I've got the authentication working. The authorization is causing me problems. In the asmx service I read the username and password off the UsernameToken with this UsernameToken token = (UsernameToken)RequestSoapContext.Current.IdentityToken. I can get the username and password in the WCF service using a custom UserNamePasswordValidator which works great but how is best to do the authorization? I can't do it in the custom validator because that is common to all services for the project. So I have to do it at a later stage which means reading the username and password somehow (off the channel?) Any ideas?   Thanks

Best way to implement authentication and authorization for a sharepoint 2010 website.

Hi I come across different authentication methods in Sharepoint 2010. The sharepoint website we are develpoing as of now is Intranet. Later we are planning to move it to Internet(Public) site. What will be the best way to implement authentication and authorization for our website. If windows authentication(Classic mode authentication) is default for a sharepoint website (2010) , I have a few questions ragarding windows authentication. 1) In case of windows authentication, where should we maintain  users? 2) In case of windows authentication, how are the users created? 3) In case of windows authentication, how can I perform authorization.   If we want to use FBA(Form based authentication) in sharepoint 2010, I have a few questions ragarding FBA in sharepoint 2010. 1) In case of FBA(using Claim based authentication) , if we want to use custom database(where we are storing user details and  roles) rather than bulitin SQL membership  provider, how can we achieve this? Can anyone provide some useful resources to implement authentication(Windows or FBA or dual) and authorization for a sharepoint 2010 website with sample code? Please reply ASAP. Thanks & Regards Mahendra Babu

Custom Authentication migration question

A migration question... sorry if outdatedIn my student times I wrote an application in ASP.NET. Now I wish to upgrade the code to a later Framework versions but want to keep the database structure and old authentication.  Could anyone please send a link to a good article on how to make custom authentication in FrameWork 3.5? And a general question: is it better to move to the built-in authentication functionality? If yes then why? Many thanks

Question on Bulk-Logged Recovery Model


After reading this MSDN article , I'm a bit baffled about how bulk operations are logged...

If data extents are used for log backup, what data will be logged? Won't it be the data at a stage after several committed transactions have already been performed on those extents?

Just for my better understanding of the concept: Isn't it necessary to log the extents containing data at the time the bulk operation occured?

Is this the reason why restore operations cannot be performed on a point-in-time basis?

Thanks for helping me understand...

Authorization Manager (AzMan) as role provider with Windows integrated authentication in SharePoint


Hi all,

First I will describe my environment: Windows Server 2008 R2 x64, IIS 7, SQL Server 2008 and MOSS 2007 Enterprise Edition SP2 x64.

I am trying to setup SharePoint 2007 portal to use Windows integrated authentication with Authorization Manager (AzMan) as role provider.

I have set up an authorization store and defined a set of roles in there. Further I configured the web.configs of my SharePoint environment to use AzMan as role provider.

In IIS I see the roles appearing, but unfortunately those roles are not available in my SharePoint portal. I also see notification in IIS stating that Forms authentication has to be used

What should I do to configure it correctly? Is it even possible to use AzMan with Windows authentication in SharePoint 2007?

Thanks in advance.

With kind regards,




ASP.net role based authorization using froms authentication fails


Hi Dot Net Gurus,

I am trying to implement a simple role based authorization using forms authentication in ASP.net. It works perfectly fine in my local system but fails when I deploy in production (shared hosting). Whenever I try to log in, rather than taking me to the default page in specified directory it throws me back to the login page. I suspect that there is some issues with the configuration but not sure where the problem is. The code is provided below:

Web.config (root):

<authentication mode="Forms">
	<forms name="userId" loginUrl="Login.aspx" defaultUrl="Default.aspx" path="/" timeout="240" requireSSL="false" />

Web.config (Member directory):

            <allow roles="Member" />
            <deny users="*" />


    protected void btnLogin_Click(object sender, ImageClickEventArgs e)
        String email = "";

How to implement Context based Authentication/Authorization?



We all aware of Role based security in ASP.NET. Above to that, I want to apply some business rules for authorization. These business rules are subjected to change dynamically.
Ex: Print option is available between 9am To 12pm, for Adminstrators.

I can control access to print option available for only for Administrators using Role-based authrozation. But here "9 am - 12pm" rule is my business context.

Need authorize the use action based on this context.
My target is to implement this without changing in Code - rebuild and deploy the DLLs.

I heard a copncept of XACML (eXtensible Access Control Markup Language). Seems this approch cann address my requirement.

I am using ASP.NET 4.0, SQL Server 2008, IIS 7, Windows 2008 Server.

Please provide the below information...
1. Is this approch supported by Microsoft?
2. Is there any open source implementaitons in .NET?
3. How Windows Identity Foundation relates to this?

Please share, if there is any work-around for Context based Authorization in .NET.
Thank you in Advance.


Using Enterprise Library Authentication & Authorization modules in SharePoint 2007



I have ASP.NET application which is using Enterprise Libraries Authentication and Authorization modules to validate user credentials. User credentials are stored in custom database schema. 

I have one SharePoint 2007 application. I would like to use forms based authentication mechanism to authenticate users in SharePoint application which will use the custom database used in ASP.NET application. 

I would like to know how can I use above mentioned ASP.NET applications authentication mechanism in SharePoint 2007 application?

Thanks in Advance.


Authentication and authorization



I have a site that requires authentication and is provided through form, now I have created a virtual directory within the site that requires me to properly authenticate with the authentication, once authenticated, but I do not redirect the page request, saying that does not exist.
Part of WebConfig related to authentication and very simple:

<authentication mode="Forms">
<forms path="/" loginUrl="FormLogin.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">

when I try to visit my default page in the new virtual directory, it asks me to authenticate
but after I authenticated
the url becomes http://miosito/ib2011/default.aspx
which is 'correct, but the page that comes back to me and' this

how to catch certificate authentication and authorization errors in client


How can i know at client side that my request to wcf service(with certificate authentication over nettcp) has failed because of authentication or authorization.

i think authentication can fail if the certificate is not a valid certificate(ie date has expired). For authorization i have implemented ServcieAuthorizationmanger and returning true/false. how wcf will transfer this to authrization error.



Model View ViewModel question



I´m playing around with XAML and MVVM, and have a question about the wiring between the model and the viewmodel:

If I have a model that updates its data on random times, what wiring is used between the model and the viewmodel to let the viewmodel know that the model has changed?.

Between the view and viewmodel a bindings and NotifyPropertyChanged would take care of this.


Trying to learn

authentication and authorization problems


I am getting following error while executing my project.

It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS.    C:\Documents and Settings\abhimanyu\Desktop\ChinmayaMission Website\admissionzone\Web.config    16    

well this is very simple project but i am unable to find it how? actually i have folder level config file and folder level authentication. please look at following image that i have created for better understanding.


Please reply me, what I use inside the folder level config file and root level config file to accomplish such job.


what's the authorization model of moss2007?


Hi all,

i've implemented a membership provider, and it works.

while, i am confused about the Role provider. Does it have something to do with sharepoint groups or permission levels?

can i take over sharepoint's default authorization mechanism, and implement it by my custom code?

i have a table which have two columns, one for username, the other for the sharepoint groups he or she belongs to.

how to get moss to take these information into account when it decide users' permissions .

note: data in this table(users and their groups) is maintained by other programs.

is there some detailed description about sharepoint's authorization model?


BI, Data Mining, Analytical CRM
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend