When several destinations use the same security settings, define one security constraint in the security section of the services configuration file and refer to it from each destination (a global security constraint).
A security constraint can also be declared inline, in a destination definition.
Declarative security checks on specific methods can be made using the com.TheSilentGroup.Fluorine.RoleAttribute attribute.
The RoleAttribute holds a comma-separated list of roles.
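using com.TheSilentGroup.Fluorine;

public class SecureService
{
    // Restricted to callers in one of the listed roles.
    // The method cannot share the name of its enclosing class.
    [Role("admin,user")]
    public void SecureMethod()
    {
    }
}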
Additionally, you can read the principal object directly from the current thread or from the HttpContext and use its IsInRole method to perform authorization checks:
using System.Security.Principal;
using System.Web;

// Principal of the current request
IPrincipal principal = HttpContext.Current.User;
if ( principal.IsInRole("admin") )
{
    // ...
}
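The programmatic check above, extended to a comma-separated role list like the one RoleAttribute holds. This is an added example, not Fluorine code: RoleCheck and IsInAnyRole are hypothetical names, and it assumes that membership in any one listed role is sufficient. It denies access when the principal is missing or unauthenticated.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Hypothetical helper (not part of Fluorine): checks an IPrincipal against a
// comma-separated role list.
public static class RoleCheck
{
    // Assumption: the caller needs ANY one of the listed roles.
    public static bool IsInAnyRole(IPrincipal principal, string roleList)
    {
        // Fail closed: no principal, no identity, or an anonymous identity.
        if (principal == null || principal.Identity == null
            || !principal.Identity.IsAuthenticated)
            return false;
        // An empty role list grants nothing.
        if (string.IsNullOrEmpty(roleList))
            return false;

        foreach (string raw in roleList.Split(','))
        {
            string role = raw.Trim(); // tolerate "admin, user"
            if (role.Length > 0 && principal.IsInRole(role))
                return true;
        }
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample principals; in ASP.NET read HttpContext.Current.User.
        IPrincipal user = new GenericPrincipal(
            new GenericIdentity("alice"), new[] { "user" });
        // An empty name makes GenericIdentity report IsAuthenticated == false.
        IPrincipal anonymous = new GenericPrincipal(
            new GenericIdentity(""), new[] { "admin" });

        Thread.CurrentPrincipal = user;
        Console.WriteLine(RoleCheck.IsInAnyRole(Thread.CurrentPrincipal, "admin, user"));
        Console.WriteLine(RoleCheck.IsInAnyRole(Thread.CurrentPrincipal, "admin"));
        Console.WriteLine(RoleCheck.IsInAnyRole(anonymous, "admin"));
        Console.WriteLine(RoleCheck.IsInAnyRole(null, "admin"));
    }
}
```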