News:
[ServiceContract]
public interface IOrderProcessing
{
[OperationContract]
void ApproveOrder(int id);
}
You need to ensure that only users with the Manager role can call the ApproveOrder method What should you do?
In the method body, check the Rights PosessesProperty property to see if it contains Manager
Add a PrincipalPermission attribute to the method and set the Roles property to Manager
Add a SecurityPermission attribute to the method and set the SecurityAction to Demand.
In the method body, create a new instance of WindowsClaimSet. Use the FindClaims method to locate a claimType named Roee with a right named Manager