Exercise 2: Implement Security Features on the Workflow Service
In this exercise, you will implement CLR-based role- and claim-based authorization on the workflow service you created in Exercise 1: Create a Basic Workflow Service. These two authorization models work together to secure access to your service.
For workflow services, role-based authorization relies on the PrincipalPermissionRole and PrincipalPermissionName properties, which create an internal PrincipalPermission object that demands that the identity of the current principal matches that specified by the current permission. For example, you can restrict access to certain operations by only allowing users who belong to a specific NT account group.
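The demand that such a PrincipalPermission object makes can be observed outside a workflow. The following console program is an added example, not code from this tutorial; it assumes the .NET Framework, and the user names (alice, bob) and role names (WorkflowAdmins, Readers) are hypothetical. It uses a GenericPrincipal in place of a Windows account so that it runs without any particular NT group being present.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class PrincipalPermissionDemo
{
    // Returns true when the current thread's principal satisfies the demand.
    static bool IsAllowed(string name, string role)
    {
        try
        {
            // Passing null for name or role means "do not check that property".
            new PrincipalPermission(name, role).Demand();
            return true;
        }
        catch (SecurityException)
        {
            // Demand() throws when the principal does not match the permission.
            return false;
        }
    }

    // Installs a constructed principal and evaluates three demands against it.
    static void RunAs(string user, params string[] roles)
    {
        // A GenericIdentity with an empty name reports IsAuthenticated == false,
        // and PrincipalPermission requires an authenticated identity by default.
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(user), roles);

        Console.WriteLine("user='{0}' roles=[{1}]", user, string.Join(",", roles));
        Console.WriteLine("  role only   : {0}", IsAllowed(null, "WorkflowAdmins"));
        Console.WriteLine("  name only   : {0}", IsAllowed("alice", null));
        Console.WriteLine("  name + role : {0}", IsAllowed("alice", "WorkflowAdmins"));
    }

    static void Main()
    {
        RunAs("alice", "WorkflowAdmins"); // matches on both name and role
        RunAs("bob", "WorkflowAdmins");   // right role, different name
        RunAs("alice", "Readers");        // right name, different role
        RunAs("", "WorkflowAdmins");      // unauthenticated identity holding the role
    }
}
```

When both a name and a role are supplied, the principal must satisfy both, so the combined demand is the most restrictive of the three.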
Claims are assertions made about the message. These assertions are generated and stored on the message as the message travels through the WCF channel pipeline. This set of claims is then compared to a set of requirements that are specified on the activity. If a claim is found for each of the requirements and a proper comparison can be done, the security requirements are deemed to be satisfied.
In This Section
Task 1: Enable Role-based Authorization on the Workflow Service
Task 2: Enable Claim-based Authorization on the Workflow Service
Reference
PrincipalPermissionRole
PrincipalPermissionName
PrincipalPermission
Related Sections
Managing Claims and Authorization with the Identity Model
Prescriptive Security Guidance for Workflow Services
See Also
Other Resources
Tutorial: Create a Workflow Service
Copyright © 2007 by Microsoft Corporation. All rights reserved.
Last Published: 2010-03-04