Search

Locations of visitors to this page

Categories

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

On this page

PrincipalPermission Authorization in WF 4

Archive

March, 2010 (1)
February, 2010 (2)
January, 2010 (3)
December, 2009 (2)
October, 2009 (1)
June, 2009 (3)
May, 2009 (1)
April, 2009 (4)
March, 2009 (3)
February, 2009 (3)
January, 2009 (2)
December, 2008 (3)
November, 2008 (3)
August, 2008 (3)
July, 2008 (5)
June, 2008 (2)
May, 2008 (1)
April, 2008 (1)
March, 2008 (1)
February, 2008 (6)

Blogroll

 Mehran Nikoo

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

RSS 2.0 | Atom 1.0 | CDF

Send mail to the author(s) E-mail

Total Posts: 50
This Year: 6
This Month: 1
This Week: 1
Comments: 69

Sign In

 Tuesday, January 12, 2010
PrincipalPermission Authorization in WF 4
Tuesday, January 12, 2010 6:28:19 PM (GMT Standard Time, UTC+00:00) ( WF4 )

In last post, I have shown you how to get hold of OperationContext when using messaging activities. Once you got hold of OperationContext, you can use it to perform many useful tasks and one of them is Authorization. Let’s start by defining a Scope activity to hook our IReceiveMessageCallback implementation.

 

    [Designer(typeof(PrincipalPermissionScopeDesigner))]

    public class PrincipalPermissionScope : NativeActivity

    {

        public InArgument<string> PrincipalPermissionName { get; set; }

        public InArgument<string> PrincipalPermissionRole { get; set; }

 

        public Activity Body { get; set; }

 

        protected override void Execute(NativeActivityContext context)

        {

            var name = this.PrincipalPermissionName.Get(context);

            var role = this.PrincipalPermissionRole.Get(context);

 

            var principalPermission = new PrincipalPermission(name, role);

            context.Properties.Add("AuthorizationManager",

                new AuthorizationManager(principalPermission));

 

            context.ScheduleActivity(this.Body);

        }

            }

As part of Scope activity execution, I have added my ReceiveMessageCallback in execution properties collection. This enables our callback to be called for every message received by any activity inside the Scope. Once we have access to OperationContext (which is the only as the only parameter of the callback) we can use it to perform authorization.

 

        [DataContract]

        class AuthorizationManager : IReceiveMessageCallback

        {

            [DataMember]

            PrincipalPermission principalPermission;

 

            public AuthorizationManager(PrincipalPermission principalPermission)

            {

                this.principalPermission = principalPermission;

            }

 

            public void OnReceiveMessage(

                System.ServiceModel.OperationContext operationContext,

                ExecutionProperties activityExecutionProperties)

            {

                var currentPrincipal = Thread.CurrentPrincipal;

                var isPrincipalSet = false;

                var targetPrincipal = GetPrincipal(operationContext);

                try

                {

                    if (targetPrincipal != null)

                    {

                        Thread.CurrentPrincipal = targetPrincipal;

                        isPrincipalSet = true;

 

                        principalPermission.Demand();

                    }

 

                }

                catch (SecurityException)

                {

                    throw SecurityUtility.CreateAccessDeniedFaultException();

                }

                finally

                {

                    if (isPrincipalSet)

                        Thread.CurrentPrincipal = currentPrincipal;

 

                }

 

            }

And with a customer designer, this is how it look like

Comments [2] | | #