在 WCF 中为每个调用进行身份验证 [英] Authentication in WCF for every call

查看:39
本文介绍了在 WCF 中为每个调用进行身份验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在以完全断开连接的方式从 Silverlight 应用程序使用大量 WCF 服务.

我想确保我知道调用每项服务的用户,但我不知道是否有标准方式".

我想到了一个 Login 方法来获取令牌,然后在每次调用中传递用户名及其令牌以确保他/她被记录并有权执行它.

在我自己的 SQL Server 中是否有任何几乎完成"的方式使用 ASP.NET 授权?或者我只能使用它的表格,但我必须手动"这样做???

提前致谢!!!

解决方案

听起来使用 ASP.NET Membership 可能更适合您.您可以使用两种方法.第一种是使用由 aspnet_regiis 生成的默认成员资格表.此选项的优点是基本上已为您完成.在这种情况下,您需要做的就是运行 aspnet_regiis 工具,然后将必要的部分添加到您的 WCF 服务的 Web.config 中,如此处.然后,在调用服务时,您需要按照 此处 所述为您的绑定设置凭据a> - 特别是关于在使用服务时为您的绑定设置 ClientCredential 的部分.

另一种选择是编写您自己的自定义成员资格提供程序,如此处所述.这允许您在存储和管理用户方面在幕后做任何您想做的事情,而不是使用预先构建的 ASP.NET 机制.如果您正在与现有用户群结交或希望对事情的实施方式有更多的控制,那么这是一个很好的方法.

另外,请记住,ASP.NET 成员身份并不是保护 WCF 服务的唯一选择.花一些时间阅读您的选择,其中包括:

该列表来自这个博客发布,这是您开始探索选择的好地方.仔细阅读它们将使您有机会了解每个的优点、缺点和特点,以便您可以选择最适合您目的的一个.您还可以从关于 WCF 安全性的 MSDN 文章开始此处.>

总而言之,是的,使用 ASP.NET Membership 有一种几乎完成"的方法,它应该不会太难实现,但在开始潜水之前也需要一些时间来探索您的其他选择一个,因为它们都有权衡,如果您认为自己选择的方法不合适,您不希望在将来重新实现它.

I'm consuming a lot of WCF Services from a Silverlight application in a totally disconnected-way.

I want to ensure that I know the user who is calling every service and I don't know if there is a "standar way".

I've thought of a Login method to get a Token and then pass the username and its token in every call to ensure he/she is logged and has permissions to execute it.

Is there any "almost-done" way with ASP.NET authorization in my own SQL Server? Or I can only use its tables but I'll have to do it "manually"???

Thanks in advance!!!

解决方案

It sounds like using ASP.NET Membership might be a good fit for you. There's two approaches you an use with this. The first is to use the default membership tables as generated by aspnet_regiis. This option has the advantage of being basically done for you. In this case, all you'd need to do is run the aspnet_regiis tool, then add the necessary portions to the Web.config for your WCF service as described here. Then, when calling the service you need to set credentials for your binding as described here - specifically the portion about setting ClientCredential for your binding when consuming the service.

The other option is to write your own custom membership provider as described here. This allows you to do whatever you want behind the scenes in terms of storing and managing your users, rather than using the pre-built ASP.NET mechanisms. This is a good approach if you're mating with an existing user base or want to have more control over how things are implemented.

Also, keep in mind that ASP.NET Membership isn't your only option for securing your WCF service. Spend some time reading up on your options, which include:

  • Windows Authentication and Windows Authorization via transport level security on basicHttpBinding
  • Windows Authentication and Windows Authorization via message level security on wsHttpBinding
  • UsernamePasswordToken Authentication with ASP.NET Membership and ASP.NET Role Authorization via message level security on wsHttpBinding
  • UsernamePasswordToken Authentication with custom validator via message level security on wsHttpBinding
  • Authorization using a custom Authorization Policy
  • Impersonation using Windows credentials

That list comes from this blog post, which is a good place for you to start exploring your options. Reading up on them will give you the opportunity to learn the strengths, weaknesses, and features of each so that you can choose the one that best suits your purposes. You can also begin with the MSDN articles on WCF security here.

In summary, yes there is an "almost-done" way to do it with ASP.NET Membership, and it shouldn't be too hard to implement, but take some time to explore your other options as well before just diving in with one, because they all have trade-offs and you don't want to have to re-implement it in the future if you decide the approach you chose is a bad fit.

这篇关于在 WCF 中为每个调用进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆