Best way to secure a WCF service on the internet with few clients

Question

I am looking to expose a service to a selection of clients over the internet. At this stage the api is very small, and I only want known clients to be able to access the service. I don't need to be able to identify the clients now, however I envisage that in future I will need to be able to identify clients, as the api grows.

I'm wondering what the best way to secure the service is in the short term, with a view to the longer term where I may want to be able to authorise client access to specific methods on the service?

I was thinking of using Transport security - i.e. SSL. Should I also look at using Message security with

clientCredentialType="certificate"

in which case each client will have their own certificate that will authenticate them with the service?

Or should I simply provide each client an API key which will provide a similar level of client differentiation?

Any other suggestions welcome.

Note that this is a service to service interface - i.e. not a client application. The number of users of the service will be limited, and I don't foresee needing to apply security at the data level, more so at the method access level.

Recommended answer

You could use custom user name/password authentication to authenticate users or AD Authentication to control who can use the service.

The best solution to my mind, for now, as you do not want to identify the users, is to use the custom user name/password authentication and allow everyone for now. In future, when you want to identify users, change the code and put validation in.

Refer to https://msdn.microsoft.com/en-us/library/aa702565(v=vs.110).aspx. In the validate function, don't throw any exception for now.
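The later stage the answer describes, with validation put in, could look like the following added example (not part of the original answer): a `UserNamePasswordValidator` subclass that accepts only provisioned clients. The class name, client name and secret are hypothetical; the validator is selected on the service's `<userNameAuthentication>` element with `userNamePasswordValidationMode="Custom"` and `customUserNamePasswordValidatorType`.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;

// Hypothetical validator for a small, known set of service clients.
public class KnownClientValidator : UserNamePasswordValidator
{
    private const int Iterations = 100000;
    // Client name -> (salt, PBKDF2 hash of the client's secret).
    private static readonly Dictionary<string, Tuple<byte[], byte[]>> Clients =
        new Dictionary<string, Tuple<byte[], byte[]>>(StringComparer.Ordinal);

    static KnownClientValidator()
    {
        // Constructed sample entry; load real salt/hash pairs from protected storage.
        Provision("client-a", "constructed-sample-secret");
    }

    public static void Provision(string clientName, string secret)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Clients[clientName] = Tuple.Create(salt, Derive(secret, salt));
    }

    public override void Validate(string userName, string password)
    {
        Tuple<byte[], byte[]> entry;
        bool ok = userName != null && password != null
            && Clients.TryGetValue(userName, out entry)
            && FixedTimeEquals(entry.Item2, Derive(password, entry.Item1));
        // Same error for an unknown client and a wrong secret.
        if (!ok) throw new SecurityTokenException("Unknown client or invalid secret.");
    }

    private static byte[] Derive(string secret, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(secret, salt, Iterations))
            return kdf.GetBytes(32);
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Once a client is authenticated this way, its name is available to the service as the caller's identity, which is what per-method authorisation would build on.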
