Kanithi's Professional Blog

May 12, 2010

How to create a dynamic rule or authorization in WCF service

Filed under: .NET — Veera Kanithi @ 4:51 pm

To implement dynamic or custom authorization logic, WCF provides the serviceAuthorization behavior. Here is how to implement it.

For example, suppose I have a service that updates Employee information, and I need to validate that only employees whose group ID is “12345” can be updated. To do this, follow the steps below.

  • Add a new class (Validation) to your project and have it inherit from the ServiceAuthorizationManager class in the System.ServiceModel namespace. (The ServiceAuthorizationManager class provides an overridable method called CheckAccess(). It receives information about the current request in the OperationContext, and also receives the message data itself by reference.)
  • Override the CheckAccess() method; the class should look like this:

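public class Validation : ServiceAuthorizationManager
{
    public override bool CheckAccess(OperationContext operationContext, ref System.ServiceModel.Channels.Message message)
    {
        // The authorization logic is added in the following steps.
        return false; // deny until the check is in place
    }
}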

  • In the body of the function, remove any existing code. Because this validation is applied to all OperationContracts (methods), you can add filters for specific actions. In my example I want the validation to apply only to the UpdateEmployee OperationContract, so the filter looks like this:

string action = operationContext.RequestContext.RequestMessage.Headers.Action;
if (action.EndsWith("UpdateEmployee")) { }

  • Once the filter is in place, create a buffered copy of the message inside it by calling CreateBufferedCopy() on the message argument:

var copy = message.CreateBufferedCopy(100000);

  • Using the copy variable, we can clone the message by calling CreateMessage(), and then get access to the body contents by calling GetReaderAtBodyContents(). Store the result in an XmlReader object, and put it in a using block to ensure cleanup. (The trick here is that we are only allowed to read the message once, so we create an in-memory buffer from the message and use that to inspect the data.)

using (XmlReader reader = copy.CreateMessage().GetReaderAtBodyContents())
{
    while (reader.Read())
    {
    }
}

  • From here, we’re using regular .NET XML code. Inside the loop, check whether the current node's Name contains GroupID. (GroupID is the name of the element that holds the GroupID of the employee; it is part of the DataMember.) If it does, read the contents of the element as a string and check whether the string contains the text “12345”. If it does, access is allowed; otherwise it is denied. Here is what the complete code of the Validation class looks like:

using System.ServiceModel;
using System.Xml;

public class Validation : ServiceAuthorizationManager
{
    public override bool CheckAccess(OperationContext operationContext, ref System.ServiceModel.Channels.Message message)
    {
        string action = operationContext.RequestContext.RequestMessage.Headers.Action;
        bool allowedAccess = false;

        // Only the UpdateEmployee operation is filtered.
        if (action.EndsWith("UpdateEmployee"))
        {
            // A message can be read only once, so inspect a buffered copy.
            var copy = message.CreateBufferedCopy(100000);
            using (XmlReader reader = copy.CreateMessage().GetReaderAtBodyContents())
            {
                while (reader.Read())
                {
                    if (reader.Name.Contains("GroupID"))
                    {
                        string role = reader.ReadElementContentAsString();
                        allowedAccess = role.Contains("12345");
                    }
                }
            }
            message = copy.CreateMessage(); // Generate a fresh copy of the message so that it can be processed by WCF.
        }
        else
        {
            // All other operations are allowed without inspection.
            allowedAccess = true;
        }
        return allowedAccess;
    }
}

  • The final step is to plug this authorization class into your service through configuration, as follows:

<serviceBehaviors>
    <behavior name="Service1Behavior">
        <serviceAuthorization serviceAuthorizationManagerType="Validation, Service1"/>
    </behavior>
</serviceBehaviors>
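
A stricter variant of the CheckAccess override above, as an added example that is not the author's code: it matches the GroupID element by exact local name, compares its value for equality rather than with Contains (so a value such as 9123450 no longer passes), and denies when the element is missing, repeated or malformed. The class name StrictValidation and the exactly-one-GroupID rule are assumptions; to use it, reference this type in serviceAuthorizationManagerType in place of Validation.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Xml;

// Added example; StrictValidation is a hypothetical name, not from the post.
public class StrictValidation : ServiceAuthorizationManager
{
    private const string AllowedGroupId = "12345"; // group ID used in the post
    private const int MaxBufferSize = 100000;      // buffer limit used in the post

    public override bool CheckAccess(OperationContext operationContext, ref Message message)
    {
        string action = operationContext.RequestContext.RequestMessage.Headers.Action;
        if (action == null)
            return false; // no Action header: deny instead of throwing
        if (!action.EndsWith("UpdateEmployee", StringComparison.Ordinal))
            return true;  // other operations stay unfiltered, as in the post

        MessageBuffer buffer = message.CreateBufferedCopy(MaxBufferSize);
        int groupIdCount = 0;
        bool valueMatches = false;
        try
        {
            using (Message copy = buffer.CreateMessage())
            using (XmlDictionaryReader reader = copy.GetReaderAtBodyContents())
            {
                while (!reader.EOF)
                {
                    // LocalName ignores the namespace prefix, so an exact compare is possible.
                    if (reader.NodeType == XmlNodeType.Element && reader.LocalName == "GroupID")
                    {
                        groupIdCount++;
                        // This call moves past the end tag itself; no extra Read() here.
                        valueMatches = reader.ReadElementContentAsString() == AllowedGroupId;
                    }
                    else if (!reader.Read())
                        break;
                }
            }
        }
        catch (XmlException)
        {
            groupIdCount = 0; // malformed or non-text GroupID: deny
        }
        message = buffer.CreateMessage(); // fresh, unread message for WCF to dispatch
        return groupIdCount == 1 && valueMatches;
    }
}
```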

How to hide Left Navigation Menu (Quick Launch) in SP

Filed under: MOSS 2007 — Veera Kanithi @ 1:42 pm

Quick Launch is rendered using a delegate control by SPContentSiteMap provider.

  1. One way to remove the Quick Launch bar is to modify the Master Page to remove the delegate control.
  2. The other way is to hide the Quick Launch using a Content Editor Web Part, as follows.
    • Add Content Editor Web Part to a Web Part Zone
    • Select Edit – Modify Shared Web Part
    • Under Layout, check the Hidden option
    • Click the Source Editor button and add the following CSS:

      <style>
      .ms-navframe {
        display: none;
      }
      </style>
