Authorization plays a very important role in service security. By adopting proper authorization policies and rules, we can control who can access which part of the functions exposed in a particular WCF service.
WCF provides several means to perform operation authorization, such as role-based and claim-based authorization. These built-in authorization means will work well for most cases, since the authenticated client identity will be used for determining the authorization result. However, sometimes we will need to apply some custom code logic for service operation authorization.
In this recipe, we will demonstrate how we can use the
ServiceAuthorizationManager to implement custom ...