保护WCF RESTful服务-除非经过身份验证，否则无法调用它 [英] Securing a WCF RESTful service-- can't call it unless authenticated

问题描述

我要编写一个具有webHttp或basicHTTP绑定的RESTful WCF服务-没什么花哨的.

I'm going to write a RESTful WCF service with webHttp or basicHTTP bindings-- nothing fancy.

但是，我想对其进行保护，以便除非有人通过我的ASP.Net MVC网站登录/通过身份验证，否则他们将无法使用该服务.我一定在错误的地方找东西，因为我所读到的每篇讨论或文章都涉及通过证书或SSL保护服务调用.

However, I would like to secure it so that unless someone has logged into / authenticated against my ASP.Net MVC website they can't use the service. I must be looking in the wrong places because every discussion or article I read about this deals with securing the service calls via certificates or SSL.

这很高兴知道，但是我对如何阻止某人使用该服务，向他们发送错误消息(除非他们已登录)产生了更大的兴趣?我正在使用表单身份验证FWIW，但也有兴趣学习如何使用OAuth进行此操作.感谢您的提示和建议.

That's good to know, but I'm more interested in how to prevent someone from using the service, giving them an error message, unless they're logged in? I'm using forms authentication FWIW but would be interested in learning how to go about this using OAuth as well. Thanks for your tips and advice.

推荐答案

我会说这是与此重复的问题:

I would say that this is a duplicate question to this one: How do I set oAuth authentication for a WCF REST C# Site . However, the information there is quite limited as well. You can also look at this article: http://weblogs.asp.net/cibrax/archive/2008/11/14/oauth-channel-for-wcf-restful-services.aspx .

这篇关于保护WCF RESTful服务-除非经过身份验证，否则无法调用它的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！