Securing Workflow Services
The Secured Workflow Service sample shows the following procedures:
Creating a basic workflow service using the Receive and SendReply activities.
Using Windows Communication Foundation (WCF) configuration to define secure endpoints for use by the workflow service.
Creating claims inside a custom policy and using the ServiceAuthorizationManager to validate claims.
Using WCF security to secure communication between client and Workflow service, Claims based authorization
This sample demonstrates the use of WCF security infrastructure to secure a workflow service just like you would with a normal WCF service. Specifically, it uses a custom claim for authorization. In this case, it uses WSHttpBinding and message mode security with Windows credentials.
The custom IAuthorizationPolicy (CustomNameCheckerPolicy) checks the client's Windows username for a specific character. If that character is present, it creates the claim and adds it to the EvaluationContext. By doing this, the custom policy is making the statement that the client has this character in the username. This claim can be queried throughout the lifetime of the call. You can find that character in
The authorization policy looks for the claim inside the SecureWorkFlowAuthZManager. If it finds it, it returns true and allows the workflow to proceed. Otherwise, it returns false, which causes an 'Access Denied' message to be returned to the client. Other claims are present in the context and can be examined as well inside the
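The following C# sketch shows the claim-issuing policy and the claim-checking authorization manager described above. It is an added example, not the sample's own code: the class names, the claim type URI and the required character 'a' are hypothetical, and it assumes a .NET Framework project referencing System.IdentityModel and System.ServiceModel.

```csharp
using System;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Linq;
using System.ServiceModel;

// Hypothetical values; the sample's actual character and claim type are not shown on this page.
static class Demo
{
    public const string ClaimType = "http://example.org/claims/username-has-char";
    public const char RequiredChar = 'a';
}

public class NameCharacterPolicy : IAuthorizationPolicy
{
    private readonly string id = Guid.NewGuid().ToString();
    public string Id { get { return id; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext context, ref object state)
    {
        // Look at the name claims produced from the caller's credentials.
        bool match = context.ClaimSets
            .SelectMany(cs => cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
            .Select(c => c.Resource as string)
            .Any(n => n != null && n.IndexOf(Demo.RequiredChar) >= 0);
        // Returning false marks the policy as not finished, so it runs again if other policies add claim sets.
        if (!match) return false;
        // State the fact as a claim; it stays available for the lifetime of the call.
        context.AddClaimSet(this, new DefaultClaimSet(Issuer,
            new Claim(Demo.ClaimType, Demo.RequiredChar.ToString(), Rights.PossessProperty)));
        return true;
    }
}

public class NameCharacterAuthZManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        ServiceSecurityContext sec = operationContext.ServiceSecurityContext;
        if (sec == null || sec.AuthorizationContext == null) return false; // fail closed
        // Accept the claim only from claim sets with the issuer the policy above uses; deny otherwise.
        return sec.AuthorizationContext.ClaimSets
            .Where(cs => ReferenceEquals(cs.Issuer, ClaimSet.System))
            .Any(cs => cs.FindClaims(Demo.ClaimType, Rights.PossessProperty).Any());
    }
}
```

Both types are attached to the service through the serviceAuthorization behavior: the manager with the serviceAuthorizationManagerType attribute and the policy with an add policyType entry under authorizationPolicies.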
To run this sample
Run Visual Studio 2010 with administrator privileges.
Load SecuringWorkflowServices.sln in Visual Studio 2010.
Press CTRL+SHIFT+B to compile the solution.
Set the Service project as the start-up project for the solution.
Press CTRL+F5 to start the service without debugging.
Set the Client project as the start-up project for the solution.
Press CTRL+F5 to start the client without debugging.
The samples may already be installed on your machine. Check for the following (default) directory before continuing.