ProvideBrokeredServiceAttribute.AllowTransitiveGuestClients Property

Definition

Gets or sets a value indicating whether guest clients are allowed to transitively acquire this service. By default (false), only owners are allowed to access a brokered service. To opt in to allowing guests to acquire the proffered service, set this to true. Setting this to true makes the service solely responsible for correctly using IAuthorizationService to authorize sensitive operations.

public:
 property bool AllowTransitiveGuestClients { bool get(); void set(bool value); };
public bool AllowTransitiveGuestClients { get; set; }
member this.AllowTransitiveGuestClients : bool with get, set
Public Property AllowTransitiveGuestClients As Boolean

Property Value

Remarks

Whereas Audience is an architectural control, this property defines the security boundary.

Transitive Access Example: Service A performs sensitive operations. It is proffered with RemoteExclusiveClient so that it can only be *directly* acquired by owners. However, this is not sufficient to prevent unauthorized access. If Service B is proffered with AllClientsIncludingGuests, it can be *directly* acquired by guests. When Service B internally acquires an instance of Service A, this means that guests now have *indirect* access to the sensitive operations in Service A. If Service A has not implemented authorization to guard sensitive operations, this indirect access violates the security boundary.

To prevent untrusted parties from transitively acquiring a service that should require authorization, all brokered services are by default accessible only to owners, regardless of the value of Audience. In the example above, if Service B has been acquired by a guest, the attempt to acquire Service A will fail.

When a service has implemented authorization to guard sensitive operations, it can opt in to allowing guest acquisition by setting this property to true.
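The Service A / Service B scenario from the Remarks, as an added example that is not part of the original page and is not Visual Studio SDK code. It is a simplified model: `ModelBroker`, `Registration`, `Client` and `ServiceA.SensitiveOperation` are hypothetical names, the owner check stands in for a call to IAuthorizationService, and it assumes Audience governs direct acquisition while AllowTransitiveGuestClients governs acquisition on behalf of a guest.

```csharp
using System;
using System.Collections.Generic;

var broker = new ModelBroker();
broker.Proffer("B", new Registration(GuestAudience: true, AllowTransitiveGuestClients: false));

// Default: Service A has not opted in, so B's request on behalf of a guest is refused.
broker.Proffer("A", new Registration(GuestAudience: false, AllowTransitiveGuestClients: false));
Console.WriteLine("guest -> B (direct):      " + broker.CanAcquire("B", Client.Guest, transitive: false));
Console.WriteLine("guest -> B -> A, default: " + broker.CanAcquire("A", Client.Guest, transitive: true));

// Opt-in: acquisition now succeeds, so A itself must authorize each sensitive call.
broker.Proffer("A", new Registration(GuestAudience: false, AllowTransitiveGuestClients: true));
Console.WriteLine("guest -> B -> A, opt-in:  " + broker.CanAcquire("A", Client.Guest, transitive: true));
foreach (Client caller in new[] { Client.Owner, Client.Guest })
{
    try { ServiceA.SensitiveOperation(caller); Console.WriteLine(caller + ": operation ran"); }
    catch (UnauthorizedAccessException e) { Console.WriteLine(caller + ": " + e.Message); }
}

enum Client { Owner, Guest }

// Constructed stand-in for one proffered service; not an SDK type.
record Registration(bool GuestAudience, bool AllowTransitiveGuestClients);

class ModelBroker
{
    private readonly Dictionary<string, Registration> services = new();
    public void Proffer(string name, Registration registration) => services[name] = registration;

    // Model assumption: owners always pass. For guests, Audience governs direct
    // acquisition and AllowTransitiveGuestClients governs acquisition via another service.
    public bool CanAcquire(string name, Client originalClient, bool transitive)
    {
        if (originalClient == Client.Owner) return true;
        Registration r = services[name];
        return transitive ? r.AllowTransitiveGuestClients : r.GuestAudience;
    }
}

static class ServiceA
{
    // Stand-in for the check a real service would delegate to IAuthorizationService.
    public static void SensitiveOperation(Client originalClient)
    {
        if (originalClient != Client.Owner)
            throw new UnauthorizedAccessException("sensitive operation denied");
    }
}
```

With the opt-in set, the broker-level refusal is gone and the only remaining barrier for a guest is the check inside `SensitiveOperation`; removing that check while leaving the property true reproduces the boundary violation described in the Remarks.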

Applies to