What are two possible ways to achieve this goal?

You are developing a Windows Communication Foundation (WCF) service that returns location information
for authorized law enforcement agencies. The service contract is as follows:

    [ServiceContract]
    public interface IMappingService
    {
        [OperationContract]
        long[] GetLocationCoordinates(String cityName);
        [OperationContract]
        long[] GetLocationOfCitizen(String ssn);
    }

Users are authenticated and impersonated. The system uses ASP.NET roles.
The members of law enforcement are members of the LawEnforcement role.
You need to ensure that only members of the LawEnforcement role can call these methods.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A.
Add a PrincipalPermissionAttribute to each method that should be available only to members of law enforcement.
Set its SecurityAction to Demand and set the role equal to LawEnforcement.

B.
Use the CurrentPrincipal property of the thread. Call the IsInRole method specifying LawEnforcement as a parameter.

C.
Create a GenericPrincipal specifying Thread.CurrentPrincipal.Identity as the IIdentity parameter
and LawEnforcement as the only value for the Roles parameter.

D.
At the beginning of each method, enumerate each ClaimSet in a new WindowsClaimSet.
Use the FindClaims method to locate a claim type named Role with a right named LawEnforcement.

Explanation:
Thread.CurrentPrincipal Property
Gets or sets the thread’s current principal (for role-based security).

Thread.CurrentPrincipal Property
(http://msdn.microsoft.com/en-us/library/system.threading.thread.currentprincipal.aspx)

To demand user membership:
* Open the Windows Communication Foundation (WCF) code file that contains the implemented service contract code.
* Apply the PrincipalPermissionAttribute attribute to each method that must be restricted to a specific group.
* Set the Action property to Demand and the Role property to the name of the group.

For example:

    // Only members of the CalculatorClients group can call this method.
    [PrincipalPermission(SecurityAction.Demand, Role = "CalculatorClients")]
    public double Add(double a, double b)
    {
        return a + b;
    }

How to: Restrict Access with the PrincipalPermissionAttribute Class
(http://msdn.microsoft.com/en-us/library/ms731200(v=vs.90).aspx)
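
Added example, not part of the original page or the MSDN article: the two checks the explanation cites, applied to the IMappingService contract on .NET Framework. The MappingService class, the Demo harness, the Clerk role and the placeholder return values are assumptions made for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;
using System.Threading;

[ServiceContract]
public interface IMappingService
{
    [OperationContract] long[] GetLocationCoordinates(String cityName);
    [OperationContract] long[] GetLocationOfCitizen(String ssn);
}

// Hypothetical implementation; class name and returned values are placeholders.
public class MappingService : IMappingService
{
    // Declarative: the runtime demands the role before the body runs and
    // throws SecurityException when Thread.CurrentPrincipal is not a member.
    [PrincipalPermission(SecurityAction.Demand, Role = "LawEnforcement")]
    public long[] GetLocationCoordinates(String cityName) { return new long[] { 0, 0 }; }

    // Imperative: IsInRole only returns a bool, so the method has to reject
    // the call itself when the check fails.
    public long[] GetLocationOfCitizen(String ssn)
    {
        IPrincipal caller = Thread.CurrentPrincipal;
        if (caller == null || !caller.IsInRole("LawEnforcement"))
            throw new SecurityException("Caller is not in the LawEnforcement role.");
        return new long[] { 0, 0 };
    }
}

public static class Demo
{
    // Test harness only: a constructed principal stands in for the one the host sets per call.
    static bool Allowed(Func<long[]> call, params string[] roles)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("test-user"), roles);
        try { call(); return true; } catch (SecurityException) { return false; }
    }
    public static void Main()
    {
        var svc = new MappingService();
        Console.WriteLine(Allowed(() => svc.GetLocationCoordinates("Sample City"), "LawEnforcement"));
        Console.WriteLine(Allowed(() => svc.GetLocationCoordinates("Sample City"), "Clerk"));
        Console.WriteLine(Allowed(() => svc.GetLocationOfCitizen("000-00-0000"), "Clerk"));
    }
}
```

In a hosted service both checks depend on Thread.CurrentPrincipal carrying the ASP.NET roles, which WCF arranges when the serviceAuthorization behavior sets principalPermissionMode to UseAspNetRoles.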


