ObamasInflationMechanic
New Member
I'm trying to design a web application that would user WCF services to access data and provide business logic. So in general the whole system would look like that:\[code\]UI (ASP.NET MVC)BusinessLayer (WCF Services)DataLayer (Entity Framework)Date (SQL Server Database)\[/code\]All parts of the system will resist on the same, closed environment, so I'm going to use Certificates to secure \[code\]ASP.NET <-> WCF\[/code\] connection. Database connection would use standard EF securities, Connection String and Windows Authentication.The application has to provide authentication and authorization functionality. I'm going to move most of that into ASP.NET, so there will be \[code\]ValidateUserAuth()\[/code\] service method, which will be used to validate credentials, but the result (with \[code\]UserRole\[/code\] that user belongs to) will be then used by ASP to create user session.After that, every Service Method call needs to know the UserRole of current user, to return proper results (or say 'Access denied' if it's necessary). Problem is I don't want to pass that \[code\]UserRole\[/code\] as a parameter for every Service Method! I'd like to make it happen automatically. Is it even possible with WCF?All I need is:
- Every service call made from ASP.NET app will be extended with User data taken from current ASP Session.
- Service Method invoked by that call will be able to recieve that User data and use it to provide results according to user permissions.
- All this would happen somekind on background, so there will be no additional \[code\]UserDetails\[/code\] method parameter added to every Service Method exposed from Service.