In ASP.NET MVC you can attach various attributes to controller actions. One of them is Authorize, which is used to manage access.

    [Authorize]
    public ActionResult Index()
    {
        var profile = _service.GetByName(UserName);
        return RedirectToAction("Details", new { id = profile.ID });
    }

In this example, every time a user invokes the Index action, the Authorize class performs the following checks:

    1. Check if the user is in the list of users given in the Authorize Users parameter.
      • you can set the user names in the Users parameter
    2. Check if the user is logged in.

        if (!user.Identity.IsAuthenticated)
        {
            return false;
        }

    3. Check if the user is in at least one role defined in the Authorize parameters.
      • the role check looks like this

        if (!Enumerable.Any<string>(roles, new Func<string, bool>(user.IsInRole)))
        {
            return false;
        }

In my scenario I have a database with all the data required for the membership provider on another server. Simple methods like ValidateUser are on the wire. The default Authorize class uses user.IsInRole, which needs a “local” role provider. With the DB behind the service layer it won’t work at all. I launched ILSpy and did a little research.

It appears that the Authorize attribute is not sealed and you can extend its behavior. The methods inside the class are marked as virtual, so you can easily override them.

So here is my implementation of the Authorize class over WCF. The most important part is the call service.IsUserInRoles(user.Identity.Name, roles). The service checks the roles through WCF and returns a boolean value.

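    using System;
    using System.Linq;
    using System.Security.Principal;
    using System.Web;
    using System.Web.Mvc;

    public class AuthorizeAttributeWCF : AuthorizeAttribute
    {
        // Split a comma-separated attribute value, trimming whitespace and dropping
        // empty entries so that "Admin, Editor" yields "Admin" and "Editor".
        private static string[] SplitList(string value)
        {
            return value.Split(',').Select(s => s.Trim()).Where(s => s.Length > 0).ToArray();
        }

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }
            IPrincipal user = httpContext.User;
            // Anonymous requests are rejected before any remote call is made.
            if (!user.Identity.IsAuthenticated)
            {
                return false;
            }
            // Optional allow-list of user names set through the Users parameter.
            if (this.Users.Length > 0 && !SplitList(this.Users).Contains(
                user.Identity.Name, StringComparer.OrdinalIgnoreCase))
            {
                return false;
            }
            // Role membership is resolved by the remote profile service over WCF
            // instead of the local role provider behind user.IsInRole.
            if (this.Roles.Length > 0)
            {
                string[] roles = SplitList(this.Roles);
                var service = new ProfileService.ProfileServiceClient();
                return service.IsUserInRoles(user.Identity.Name, roles);
            }
            return true;
        }
    }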

Method used in my service:

        public bool IsUserInRoles(string userName,string[] roles)
        {
            foreach (string s in roles)
            {
                if (Roles.IsUserInRole(userName,s))
                {
                    return true;
                }
            }
            return false;
        }
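
Because the role decision now depends on a network call, it is worth making the outcome explicit when that call fails. The following is an added example, not code from the original post: it applies the same decision order as the AuthorizeCore override above and denies access when the WCF call times out or faults. `RemoteRoleGate` and the `remoteCheck` delegate (a stand-in for `service.IsUserInRoles`) are hypothetical names, the sample principal and service behaviours are constructed, and a reference to System.ServiceModel is assumed.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.ServiceModel;

public static class RemoteRoleGate
{
    // Hypothetical helper: same decision order as AuthorizeCore on the page, with the
    // remote role lookup passed in as a delegate (stand-in for service.IsUserInRoles).
    public static bool IsAuthorized(IPrincipal user, string users, string roles,
                                    Func<string, string[], bool> remoteCheck)
    {
        if (user == null || !user.Identity.IsAuthenticated) return false;

        string name = user.Identity.Name;
        string[] allowed = Split(users);
        if (allowed.Length > 0 &&
            !allowed.Contains(name, StringComparer.OrdinalIgnoreCase)) return false;

        string[] wanted = Split(roles);
        if (wanted.Length == 0) return true;   // no role restriction configured
        try
        {
            return remoteCheck(name, wanted);
        }
        catch (TimeoutException) { return false; }        // service too slow: deny
        catch (CommunicationException) { return false; }  // fault or transport error: deny
    }

    // Trim entries and drop empties so "Admin, Editor" is sent as "Admin" and "Editor".
    private static string[] Split(string csv)
    {
        return (csv ?? "").Split(',').Select(s => s.Trim())
                          .Where(s => s.Length > 0).ToArray();
    }

    public static void Main()
    {
        // Constructed sample principal and stand-in service behaviours.
        var alice = new GenericPrincipal(new GenericIdentity("alice"), new string[0]);
        Func<string, string[], bool> up = (n, r) => r.Contains("Editor");
        Func<string, string[], bool> down = (n, r) =>
            { throw new EndpointNotFoundException("constructed outage"); };

        Console.WriteLine(IsAuthorized(alice, "", "Admin, Editor", up));   // role list with a space
        Console.WriteLine(IsAuthorized(alice, "", "Admin", up));           // user lacks the role
        Console.WriteLine(IsAuthorized(alice, "", "Admin, Editor", down)); // service unreachable
        Console.WriteLine(IsAuthorized(alice, "bob", "", up));             // not on the user list
    }
}
```

In the attribute itself, the delegate would wrap the generated client call, and the catch blocks are the place to log the failure before returning false.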