在方案中，其中一个Silverlight应用程序调用自承载WCF服务的身份验证选项 [英] Authentication options in a scenario, where a silverlight application is calling a self-hosted wcf service

问题描述

我们的系统由一个自托管（非IIS）WCF服务和Asp.net网站它承载Silverlight应用程序的。该应用程序是应该做的pretty太多的一切，该网站只是一个壳，在这种情况下。

Our system consists of a self-hosted (non-IIS) WCF service and an Asp.net website which hosts a Silverlight application. The application is supposed to do pretty much everything, the website is just a "shell" in this case.

我们有一个很难搞清楚如何安全地解决用户身份验证。

We have a hard time figuring out how to solve user authentication securely.

据我所知，Silverlight的不能处理Windows身份验证，没有任何形式的凭据对象。我们能想到的，最好的是，当他请求页面时，它承载的应用程序对用户进行认证。然后，我们可以通过用户名在其初始化参数的应用程序。

To my knowledge, Silverlight can not handle windows authentication, does not have any kind of credentials object. The best we can think of, is to authenticate the user when he requests the page, which hosts the app. Then we can pass the user name to the app in its' init parameters.

这样，我们具有可以被发送到WCF服务一个用户名，并且可以作为用于处理的角色的位置。问题是，任何人都可以拨打我们的服务没有Silverlight客户端，并传递一个用户名。此外，WCF服务和Silverlight应用程序之间发送的未加密敏感数据是一个坏主意。所以，我的问题是：

That way we have a username which can be sent to the wcf service, and can serve as a base for handling roles. The problem is, anyone can call our service without a silverlight client, and pass in a user name. Also, sending unencrypted sensitive data between the WCF service and the Silverlight app is a bad idea. So, my question is:

如何在这种情况下安全地验证客户端？

推荐答案

我发现本文中的答案是：

I found the answer in this article:

<一个href=\"http://www.silverlightshow.net/items/Building-a-Silverlight-Line-Of-Business-Application-Part-3.aspx\" rel=\"nofollow\">http://www.silverlightshow.net/items/Building-a-Silverlight-Line-Of-Business-Application-Part-3.aspx

这篇关于在方案中，其中一个Silverlight应用程序调用自承载WCF服务的身份验证选项的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！