Search code examples
silverlightwcf-ria-services

Having a problem with RequiresRole attribute on RIA Domain service

My question is similar to this question. I hope I can provide some more detail and context to get it answered.

So here's some context: I have a simple in-house silverlight (ver 4) app with WCF Ria services that I'm building for our small support team. It uses authentication against a third-party vended database, but all other user information, e.g. FriendlyName and Roles (only 1 role per user) comes from our own database. I'm trying to keep this simple and don't want to implement custom membership and role providers.

I have few domain service operations that I want to restrict to certain roles, so I tried using the RequiresRole attribute like so:

[RequiresRole("Admin", "HelpDesk", "Billing" )]
public RisStudyInfo GetStudyInfo(string accession) {
    return ris.GetStudyInfo(accession);
}

On the client side WebContext.Current.User.IsInRole("Admin") returns true, but I always get access denied when calling the service. The RequiresAuthentication attribute works as expected.

Below is the implementation of my AuthenticationService. The User class simply inherits from UserBase and adds the FriendlyName property. Any ideas what I'm doing wrong?

[EnableClientAccess]
public class AuthenticationService : AuthenticationBase<User> {

    UserDataService userData = new UserDataService();

    protected override bool ValidateUser(string userName, string password) {
        var auth = new DatabaseAuthenticator();
        return auth.Authenticate(userName, password);
    }

    protected override User GetAuthenticatedUser(IPrincipal principal) {
        User user = null;
        if (principal.Identity.IsAuthenticated) {
            user = new User();
            user.FriendlyName = userData.GetFriendlyName(principal.Identity.Name);
            user.Name = principal.Identity.Name;
            user.Roles = GetRolesFor(user.Name);
        }
        return user;
    }

    private IEnumerable<string> GetRolesFor(string username) {

        IList<string> roles = new List<string>();

        string role = userData.GetRolesFor(username);
        if (role != null)
            roles.Add(role);

        return roles;
    }
Solution

  • Figured it out. At least 2 things wrong. First clue found here. The second clue here

    1.Turns out I really do need to write a custom role provider. Only need to implement GetRolesForUser though.

    public override string[] GetRolesForUser(string username) {
   return new string[] { _userService.GetRolesFor(username) };
}

    2.Configure the custom role provider correctly in the web.config

    <roleManager cacheRolesInCookie="true" enabled="true" defaultProvider="MyRoleProvider">
    <providers>
      <add name="MyRoleProvider" type="MyProject.Web.Providers.MyRoleProvider, MyProject.Web"/>
    </providers>
</roleManager>