Authentication Service using WCF


Problem description


I have a custom MembershipProvider as shown below. It validates the user name and password against Active Directory. I would like to make this an "authentication service". This should work even if the client uses forms authentication or Windows authentication.

There is a WCF "HR Service" which provides employee information. The "HR UI" website uses the "HR Service" WCF service. Now we need to ensure that any client using the "HR Service" is authenticated using the "authentication service" before accessing the operations of "HR Service". If the client application is authenticated once, from the next time onwards it should not be validated again (till the application is closed). When a new instance of the client application is opened it needs to be authenticated from the beginning.

How do we achieve it? Do we have any code samples demonstrating the end-to-end flow?

Note: I should be able to test it using self hosted services.

Note: The client can be of any platform (e.g. Java).

using System.Web.Security;

namespace LijosCustomValidation
{
    public sealed class LijoMembershipProvider : MembershipProvider
    {
        public override bool ValidateUser(string username, string password)
        {
            bool isValid = true;
            // my logic to validate the user name and password
            return isValid;
        }

        // other implementations of Abstract Methods from MembershipProvider
    }
}

Solution

Your auth service should return a token if the auth is successful. This token in turn should then be presented to the HR service.

You have a couple of options as to what the HR service does at this point. It can either know the secret to validate the token, or it needs to call the auth service to validate the token.

The token should be some value that can be validated if you know the secret, so it could be something, say the user's id, that is symmetrically encrypted. Ideally it should have a time component in it to prevent replay attacks.

I'd suggest something like

<hash value>|<token issue time>|<user id>

The hash value should be a hash (sha1, md5, etc.) of everything after the first pipe. You can then base64-encode the result and pass it around. Validating the token could then check that the issue date was within a certain time-frame.

You also have the option of storing the token in the client in a cookie and passing as a cookie to the services, or making it a parameter on your services. There may be other options, depending on your client architecture & how you want to structure your services.
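The token scheme the answer sketches, written out as an added example (not code from the question or the answer). Because the question says the client may be on any platform, the format is shown in platform-neutral Python rather than in C#: the same bytes can be produced by the WCF authentication service and checked by the HR service in any language. The "hash of everything after the first pipe" is implemented here as an HMAC-SHA256 keyed with the shared secret, which is the standard way to make the hash something only a holder of the secret can produce; the secret, the 15-minute lifetime and the clock-skew tolerance are constructed values for the demo, not settings from the page.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo secret. In a real deployment it is shared only between the
# authentication service and the HR service (e.g. loaded from protected config).
SECRET = b"demo-secret-do-not-use-in-production"
TOKEN_LIFETIME_SECONDS = 15 * 60   # window in which an issued token is accepted
CLOCK_SKEW_SECONDS = 60            # tolerance for the two services' clocks


def _signature(secret: bytes, payload: str) -> str:
    """Keyed hash (HMAC-SHA256, hex) over everything after the first pipe."""
    return hmac.new(secret, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_token(user_id: str, secret: bytes = SECRET, now: Optional[int] = None) -> str:
    """Build '<hash>|<token issue time>|<user id>' and base64-encode it for transport.

    Called by the authentication service after ValidateUser succeeded.
    """
    if "|" in user_id:
        raise ValueError("user id must not contain the field separator")
    issued_at = int(time.time()) if now is None else now
    payload = f"{issued_at}|{user_id}"
    raw = f"{_signature(secret, payload)}|{payload}"
    return base64.urlsafe_b64encode(raw.encode("utf-8")).decode("ascii")


def validate_token(token: str, secret: bytes = SECRET, now: Optional[int] = None,
                   lifetime: int = TOKEN_LIFETIME_SECONDS) -> Optional[str]:
    """Return the user id if the token is authentic and inside the time window, else None.

    Called by the HR service (which knows the secret) before serving an operation.
    """
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii")).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    parts = raw.split("|", 2)
    if len(parts) != 3:
        return None
    sig, issued_str, user_id = parts
    payload = f"{issued_str}|{user_id}"
    # Constant-time comparison so response timing does not reveal how much of
    # the signature matched.
    if not hmac.compare_digest(sig, _signature(secret, payload)):
        return None
    try:
        issued_at = int(issued_str)
    except ValueError:
        return None
    current = int(time.time()) if now is None else now
    # Reject tokens dated in the future beyond skew tolerance, and tokens older
    # than the lifetime (this is the replay window the answer refers to).
    if issued_at > current + CLOCK_SKEW_SECONDS or current - issued_at > lifetime:
        return None
    return user_id


if __name__ == "__main__":
    tok = issue_token("alice")
    print("issued:", tok)
    print("validated as:", validate_token(tok))
```

The client keeps the returned string for the life of the process (cookie or explicit parameter, as the answer says) and sends it with each HR Service call; the HR Service calls `validate_token` and uses the returned user id. A token is rejected when it was signed with a different secret, when any field was altered, when it is malformed, or when its issue time is outside the window, so a captured token stops being useful once the lifetime has passed.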
