I've been struggling to get security exceptions to propagate from a WCF service down to a WPF client while using the EntLib exception handling application block.
What I would like to do is throw a SecurityException in WCF when a user has insufficient rights and have that translated on the client as a SecurityAccessDenied exception, as is the WCF way.
I've read that WCF captures this SecurityException and transforms it into a simple FaultException with the error message "Access Denied". Clientside this specific fault is caught by the WCF client plumbing and transformed into a SecurityAccessDenied
exception, which you can then catch & display a proper message.
Now in EntLib what we want to do is use the "All Exception"' Exception Type rule to capture any exception that isn't caught by a specific rule from the WCF service and wrap it into a general service fault.
This "All Exception" rule also catches the FaultException for the security exceptions, which makes sense. Problem is we don't want it to do this, because this hides the error from being spotted by the client. Adding a specific rule for SecurityException
or SecurityAccessDeniedException doesn't work either because WCF has already transformed the exception into FaultException("Access Denied") before it enters into EntLib...
Since FaultException is too general to catch with a rule, there doesn't seem to be a way to distinguish this specific security exception.
I'm thinking someone else must have been running into this before, so if anyone has any ideas on how to do this, I'd be happy to hear.