Indigo is not always just about 'Web' Services. Sometimes you really want to have a powerful but still modern means to e.g. secure your service app. In the former times you just had to use DCOM for securing your program's communication based on Windows security (without having to revert to ASMX/IIS).

So let's take a look at some sample scenario. We like to be able to configure Windows-based authorization in Indigo for a self-hosted service. We simply want to restrict access to a certain list of users/groups in our domain.

Indigo supports PrincipalPermission and PrincipalPermissionAttribute. So with this, we can decorate our operation like this:

  [PrincipalPermission(SecurityAction.Demand, Name="THINKTECTURE\cweyer")]
  public string DoItBabe(string action)

Adding to this, we can obviously also handle groups through a roles parameter:

  [PrincipalPermission(SecurityAction.Demand, Role="PowerUser")]
  public string DoItBabe(string action)

And yes, we can combine multiple attributes and settings:

  [PrincipalPermission(SecurityAction.Demand, Name=@"THINKTECTURE\cweyer")]
  [PrincipalPermission(SecurityAction.Demand, Role="PowerUser")]
  public string DoItBabe(string action)

Please note that the above code says that either “PowerUsers” or “THINKTECTURE\cweyer” can access the method.

Update: Just saw that Adi also has a similar post … J