如何保护WCF服务方法 [英] How to secure WCF Service methods

问题描述

我是WCF服务的新手.
我在wcf服务中创建了2种方法，如下所示:

[OperationContract]
字符串GetEmployee(int i);

[OperationContract]
字符串GetEmployeeDetails(int i);

成功构建项目并使用服务引用之后，我就能看到这两种方法(GetEmployee和GetEmployeeDetails).

假设我需要向组织外部提供此服务方法"GetEmployee"，如何防止其他人访问驻留在同一服务中的"GetEmployeeDetails"方法?

希望大家都明白我的要求.请建议我如何
实现此

问候，
Veerendranadh

Hi, i am new to WCF Services.

I have created 2 methods in wcf services like this:

[OperationContract]
string GetEmployee(int i);

[OperationContract]
string GetEmployeeDetails(int i);

After i successfully build the project and used the service reference, i am able to see both the methods (GetEmployee & GetEmployeeDetails).

Suppose if i need to provide this Service method "GetEmployee" to outside of my organization, how can i prevent others from accessing "GetEmployeeDetails" method which resides in the same service?

Hope, everyone understand my requirement. Please suggest me how to
achive this

Regards,
Veerendranadh

推荐答案

您好Veerendranadh，
我要说的是，如果这两种方法都在相同的端点/接口中，则它们将具有相同的安全性配置(证书，凭证或其他内容).这样，与来自外部的用户相比，来自公司内部的呼叫将具有比其他用户更多的权限.您可以使用用户角色来实现.
另一种选择是创建两个接口，一个接口可以从内部访问，另一个接口可以从外部访问.您可能需要内部访问证书，因此它非常安全.

请注意，有许多方法可以实现此目的.从这里您可以研究两个方向.

问候，

Francesc

Hi Veerendranadh,
I''d say that if both methods are in the same endpoint/interface they will have the same security configuration (certificate, credentials or whatever). Then, what the calls from inside the company would have an authentication with more rights than a user from outside. You could implement this with user roles.
Another option is to create two interfaces, one to be accessed from inside and the other from outside. You could require a certificate for internal access, so it could be very secure.

Note that there are many ways to implement this. From here you can study both directions.

Regards,

Francesc

这两种方法将共享相同的安全性配置，因为它们在同一服务中具有相同的终结点配置.您将不得不将这些方法分离到不同的服务中，或者对其中一种方法进行额外的安全检查，例如传递用户名和密码来验证授权.

Both methods will share the same security configuration as they are in the same service with the same endpoint configuration. You would have to either seperate the methods into different services or provide additional security checks to one of the methods, such as passing a username and password to validate authorization.

感谢Nischalke和Castells.

您的回答使我走得更远.
再次感谢.

Veerendranadh

Thanks Nischalke and Castells.

Your answers helped me to go further.
Thanks again.

Veerendranadh

这篇关于如何保护WCF服务方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！