WCF是否有MVC的[授权]属性的相同呢？ [英] Does WCF have an equivalent of MVC's [Authorize] attribute?

问题描述

我想装饰的某些业务合同与属性授权主叫方定制逻辑，是这样的：

I want to decorate certain Operation Contracts with an attribute to authorize the caller by custom logic, something like this:

[ServiceBehavior]
public class Service1
{
    [OperationContract]
    [Authorize] // ?? this should make sure only admins can call this method
    public List<SampleItem> GetCollection()
    {
        return new List<SampleItem>() { new SampleItem("Only Admins see me") };
    }
}

在[授权]应该检查是否调用者有权调用此操作;如果没有 - 它应该返回一个错误的故障

The [Authorize] should check if the caller is entitled to call this operation; if not - it should return an error fault.

感谢。

推荐答案

不开箱 - 但WCF顶级大师Juval洛伊有一个非常有趣的文章在MSDN杂志有关的Declarative WCF安全的它出现在同一方向上。

Not out of the box - but WCF top-guru Juval Löwy had a very interesting article in MSDN Magazine about Declarative WCF Security which goes in the same direction.

Juval确定了几个关键的安全方​​案，并包裹他们每个人分成一个WCF服务行为，在服务器端对服务类的属性被应用。相当有趣的阅读哉！

Juval identified several key security scenarios, and wrapped each of them up into a WCF service behavior to be applied as an attribute on your service class on the server side. Quite an interesting read indeed !

这篇关于WCF是否有MVC的[授权]属性的相同呢？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！