WCF service access permission to a role specific user group

Notice the word "user group"? Here interviewer want to check your practical thinking on WCF service access permission as most of you are familiar with "user role" but not "group". Don't be puzzled. Role based authorization will work here too. The other way can be use of WCF Extensibility feature but that is a lengthy one.

WCF provides us the Role Based Authentication mechanism that can be used for setting service access permission for a specific group. To make it work, we need to do some settings in web.config file as well we need to decorate our those services on which we want to implement this access security.

It can be done in 3 simple steps as :

1)   Enable “aspNetCompatibilityEnable”


2)   Then, we need to specify the Group for which we want to apply security in web.config as:


3)   And finally specify the security with class that implement your service. This decoration of service is require because, asp.net Compatibility Mode is set to false by default. RequirementMode is set to Allowed.

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]

This asp.net compatibility mode setting is done to use ASP features like identity impersonation. This setting applies at the application level (through root web.config file) and can’t be overridden at any folder level web.config files. By default, AspNetCompatibilityRequirementMode is : Allowed.

You can also refer MSDN for Authentication, Authorization and Identities in WCF