Share via


IBrokeredServiceContainer.GetFullAccessServiceBroker Method

Definition

Gets an IServiceBroker with full access to all services available to this process with local credentials applied by default for all service requests. This should not be used within a brokered service, which should instead use the IServiceBroker that is given to its service factory.

public Microsoft.ServiceHub.Framework.IServiceBroker GetFullAccessServiceBroker ();
abstract member GetFullAccessServiceBroker : unit -> Microsoft.ServiceHub.Framework.IServiceBroker
Public Function GetFullAccessServiceBroker () As IServiceBroker

Returns

An IServiceBroker instance created for the caller.

Remarks

When a service request is made with an empty set of ClientCredentials, local (full) permissions are applied. A service request that includes its own client credentials may effectively "reduce" permission levels for the requested service if the service contains authorization checks. It will not remove a service from availability entirely since the service audience is always to allow all services to be obtained.

Callers should use the IServiceBroker they are provided via their BrokeredServiceFactory instead of using this method to get an IServiceBroker so that they are secure by default. An exception to this rule is when a service exposed to untrusted users has fully vetted the input for a specific incoming RPC call and wishes to request other services with full trust in order to accomplish something the user would otherwise not have permission to do. This should be done with great care.

Applies to