Share via


<serviceAuthorization> element

Specifies settings that authorize access to service operations

<system.serviceModel>

  <behaviors>

    <serviceBehaviors>

      <behavior> of <serviceBehaviors>

        <serviceAuthorization> element

                                    
                                    <serviceAuthorization
                                
                                    
                                          
                                    
                                       impersonateCallerForAllOperations="Boolean"
                                
                                    
                                           
                                    
                                       principalPermissionMode="None/UseWindowsGroups/UseAspNetRoles/Custom"
                                
                                    
                                           
                                    
                                       roleProviderName="String"
                                
                                    
                                           
                                    
                                       serviceAuthorizationManagerType="String" />
                                
                                    
                                           
                                    
                                       <authorizationPolicies>
                                
                                    
                                           
                                    
                                          <add policyType="String" />
                                
                                    
                                           
                                    
                                       </authorizationPolicies>
                                
                                    
                                    </serviceAuthorization>
                                

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

impersonateCallerForAllOperations

A Boolean value that specifies if all the operations in the service impersonate the caller. The default is false.

When a specific service operation impersonates the caller, the thread context is switched to the caller context before executing the specified service.

principalPermissionMode

Sets the principal used to carry out operations on the server. Values include the following:

  • None

  • UseWindowsGroups

  • UseAspNetRoles

  • Custom

The default value is UseWindowsGroups. The value is of type PrincipalPermissionMode.

roleProviderName

A string that specifies the name of the role provider, which provides role information for a Windows Communication Foundation (WCF) application. The default is an empty string.

ServiceAuthorizationManagerType

A string containing the type of the service authorization manager. For more information, see ServiceAuthorizationManager.

Child Elements

Element Description

authorizationPolicies

Contains a collection of authorization policy types, which can be added using the add keyword. Each authorization policy contains a single required policyType attribute that is a string. The attribute specifies an authorization policy, which enables transformation of one set of input claims into another set of claims. Access control can be granted or denied based on that. For more information, see AuthorizationPolicyTypeElement.

Parent Elements

Element Description

<behavior> of <endpointBehaviors>

Contains a collection of settings for the behavior of a service.

Remarks

For a detailed example of using this configuration element, see Authorizing Access to Service Operations.

See Also

Reference

ServiceAuthorizationElement

Other Resources

Authorizing Access to Service Operations

Footer image

Send comments about this topic to Microsoft.
© Microsoft Corporation. All rights reserved.