You must Sign In to post a response.
  • Category: WCF

    How to restrict wcf methods to clients

    Hi all,

    I am working on wcf application,i want to give me service methods access to some clients,
    i want to know how to restrict method acceess for client,
    reply pls
  • #759587

    To restrict WCF methods to clients, Check these links

  • #759597
    Hi ,

    if u want to hide some methods to clients then do one thinks like the sample i will share for uu.

    public interface IStudentEnrollmentService
    void EnrollStudent(Student s);

    Student[] GetEnrolledStudents(); // Visible for clients

    here if u mention the method as operation contract, then it will visible for client..

    if u remove the operation contract from the methods then it wouldn't be visible for client like

    public interface IStudentEnrollmentService
    void EnrollStudent(Student s);

    Student[] GetEnrolledStudents(); // invisible to clients

    hope u will understand the concept of WCF..


  • #759603
    Hi Ramana.

    To make few methods invisible for clients you should remove the [operation contract] attribute of the method.

    Methods with out operation contract attribute are not available for clients.

    By applying the role based security you can restrict the particular client from accessing your resources.

    [PrincipalPermission ( SecurityAction. Demand,
    Role = "Admin")]
    public double Add(double a, double b)
    return a + b;
    [PrincipalPermission ( SecurityAction. Demand,
    Role = " User")]

    For using certificate to restrict users refer below link.


    Sridhar Thota.
    DNS Member.
    "Hope for the best.. Prepare for the worst.."

    Sridhar Thota.
    Editor: DNS Forum.

  • #759801
    Hai Ramana,
    Yes, The role based security can be applied to the individual operation contract in WCF services.
    if we have the set of users under the particular role, we can provide the security so that only particular group of user can get those operations when consuming the service.
    To assign the security based on the operation, we have the predefined annotation PrincipalPermission which can be set as:
    [PrincipalPermission(SecurityAction. Demand,Role = "Role1")]
    void Operation1();
    [PrincipalPermission(SecurityAction. Demand,Role = "Role2")]
    void Operation2();
    Hope it will be helpful to you.

    Pawan Awasthi(DNS MVM)
    +91 8123489140 (whatsApp), +60 14365 1476(Malaysia)

  • Sign In to post your comments