I have a WebService built into WCF (C # .Net) that contains dozens of methods. On all methods, I did not check if the current user has access to this specific action.
I now have something like this:
public MyContract MyMethod(int MyParameter) { ValidateAccess(MyCurrentIdentityInfo, ActionEnum);
You will notice that I first call the method to check the permissions, and then execute the code that I need. This code works fine, but I have to call this method for every method in my service, and I haven't found it enough.
Is there a more elegant way to achieve what I'm trying to do? I tried to use a custom attribute but could not.
Please note that I am NOT trying to authenticate the user in the WebService itself . In the above example, the user will act in the WebService. But I would like to run my own code to check if it can call a method that deletes a record, for example.
source share