I'm trying to create a flexible security infrastructure for our WCF services on our intranet, but I'm not quite sure where I should put this code ... there are so many different ways to extend WCF that I don’t know where to start ...
The basic idea: every time my service is called - for any operation - I want some code to run that performs a user access check using our existing security infrastructure to find out if the user has access to perform the operation. If the user is not authorized, I want him to throw an exception or something (not sure what he should actually do), and do not let the collision do this in my service code.
Thoughts?
thank
source
share