Exercise 2: Implement Security Features on the Workflow Service

Article
03/05/2010

In this exercise, you will implement CLR-based role- and claim-based authorization on the workflow service you created in Exercise 1: Create a Basic Workflow Service. These two authorization models work together to secure access to your service.

For workflow services, role-based authorization relies on the PrincipalPermissionRole and PrincipalPermissionName properties, which create an internal PrincipalPermission object that demands that the identity of the current principal matches that specified by the current permission. For example, you can restrict access to certain operations by only allowing users who belong to a specific NT account group.

Claims are assertions made about the message. These assertions are generated and stored on the message as the message travels through the WCF channel pipeline. These set of claims are then compared to a set of requirements that are specified on the activity. If there is a claim found for each of the requirements and a proper comparison can be done, then the security requirements are deemed to be satisfied.