Specifies settings that authorize access to service operations
<behavior> of <serviceBehaviors>
<serviceAuthorization impersonateCallerForAllOperations="Boolean" principalPermissionMode="None/UseWindowsGroups/UseAspNetRoles/Custom" roleProviderName="String" serviceAuthorizationManagerType="String" /> <authorizationPolicies> <add policyType="String" /> </authorizationPolicies> </serviceAuthorization>
The following sections describe attributes, child elements, and parent elements.
A Boolean value that specifies if all the operations in the service impersonate the caller. The default is false.
When a specific service operation impersonates the caller, the thread context is switched to the caller context before executing the specified service.
Sets the principal used to carry out operations on the server. Values include the following:
The default value is UseWindowsGroups. The value is of type PrincipalPermissionMode.
A string that specifies the name of the role provider, which provides role information for a Windows Communication Foundation (WCF) application. The default is an empty string.
A string containing the type of the service authorization manager. For more information, see ServiceAuthorizationManager.
Contains a collection of authorization policy types, which can be added using the add keyword. Each authorization policy contains a single required policyType attribute that is a string. The attribute specifies an authorization policy, which enables transformation of one set of input claims into another set of claims. Access control can be granted or denied based on that. For more information, see AuthorizationPolicyTypeElement.
Contains a collection of settings for the behavior of a service.
For a detailed example of using this configuration element, see Authorizing Access to Service Operations.
© Microsoft Corporation. All rights reserved.