Silverlight/WCF登录会话 [英] Silverlight/WCF login session

问题描述

我正在使用Silverlight的系统上工作，并使用WCF调用服务来完成服务器端的所有工作.

I am working on a system with Silverlight and using WCF to call services to do all of the work on the server side.

我需要有一个用户登录到系统，验证之后，对服务器的所有调用都必须包含用户信息，以便服务器可以检查安全策略并根据用户执行其他操作.

I need to have a user log into the system, and once they are verified, all calls to the server need to contain the user info so the server can check security policies and do other operations based on the user.

做到这一点的最佳方法是什么?我可以创建某种用户类，并在每次调用时将其发送到服务器，但是有没有更好的方法可以通过Silverlight和或WCF做到这一点?

What is the best way to do this? I can create some kind of a user class and send it to the server with every call, but is there a better way to do this with Silverlight and or WCF?

推荐答案

我将使用基于标准令牌的方法.当您登录到服务器时(通过按照建议的方式通过用户类传递所有必需的信息)，服务器将以令牌进行响应.其他每一次服务器调用都需要一个有效的令牌.然后，服务器验证令牌仍然有效(一段时间后它将自动过期)，并且令牌来自同一台计算机/用户(例如，您可以检查IP地址).

I would use standard token based approach. When you login to the server (by passing all required information through a user class as you suggested) the server will respond with a token. Every other server call will require a valid token. Server then validates that the token is still valid (it will automatically expire after some time) and that it comes from the same machine/user (you can check IP address for example).

这可能是我要实现的方式.您不想每次服务器调用都传递所有用户信息.(如果您在Intranet上，则可能要使用模拟或类似的方法.)

This is probably the way I would implement that. You don't want to pass all the user information with every server call. (If you are on Intranet you might want to use impersonation or something like that.)

这篇关于Silverlight/WCF登录会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！