Поделиться через


Exercise 2: Implement Security Features on the Workflow Service

In this exercise, you will implement CLR-based role- and claim-based authorization on the workflow service you created in Exercise 1: Create a Basic Workflow Service. These two authorization models work together to secure access to your service.

For workflow services, role-based authorization relies on the PrincipalPermissionRole and PrincipalPermissionName properties, which create an internal PrincipalPermission object that demands that the identity of the current principal matches that specified by the current permission. For example, you can restrict access to certain operations by only allowing users who belong to a specific NT account group.

Claims are assertions made about the message. These assertions are generated and stored on the message as the message travels through the WCF channel pipeline. These set of claims are then compared to a set of requirements that are specified on the activity. If there is a claim found for each of the requirements and a proper comparison can be done, then the security requirements are deemed to be satisfied.

In This Section

Task 1: Enable Role-based Authorization on the Workflow Service

Task 2: Enable Claim-based Authorization on the Workflow Service

Reference

Claim

ClaimSet

PrincipalPermissionRole

PrincipalPermissionName

PrincipalPermission

OperationValidation

Managing Claims and Authorization with the Identity Model

Prescriptive Security Guidance for Workflow Services

See Also

Other Resources

Tutorial: Create a Workflow Service

Copyright © 2007 by Microsoft Corporation. All rights reserved.
Last Published: 2010-03-04