wcf wsHttpBinding and disabling anonymous access

Question

http://blogs.msdn.com/drnick/archive/2007/03/23/preventing-anonymous-access.aspx

Can someone clarify whether it is possible to use wsHttpBinding in WCF and disable anon

Answer 1

you are right, afaik in the scenario you describe wsHttpBinding requires us to use the internal WCF security stack. So what you would typically do is

• leave anonymous access enabled
• create a serviceBehavior with
• annotate every concrete implementation of a service method using the PrincipalPermissionAttribute, which is a quite powerful tool with many different options to control access

Would that be an acceptable solution for you or are there any other things to consider?

Basic Example:

public class TestService : ITestService
{
  [PrincipalPermission(SecurityAction.Demand, Name = "testdomain\\administrator")]
  public string DoWork()
  {   
    return "Hello World " + Thread.CurrentPrincipal.Identity.Name;
  }
}