Does WCF have an equivalent of MVC's [Authorize] attribute?

Question

I want to decorate certain Operation Contracts with an attribute to authorize the caller by custom logic, something like this:

[ServiceBehavior]
public class         


        

Answer 1

Not out of the box - but WCF top-guru Juval Löwy had a very interesting article in MSDN Magazine about Declarative WCF Security which goes in the same direction.

Juval identified several key security scenarios, and wrapped each of them up into a WCF service behavior to be applied as an attribute on your service class on the server side. Quite an interesting read indeed !

Answer 2

In my WCF application, I've largely overrided all the default authentication and authorization stuff, and I use some custom processing of the PrincipalPermissionAttribute to check my custom security permissions.

I have some code snippits of how I did this in this post: .NET Declarative Security: Why is SecurityAction.Deny impossible to work with?

Answer 3

WCF doesn't have any special attribute for this purpose but you can use PrincipalPermissionAttribute - common approach for declarative role-based security in .NET.