WCF - 防止未经授权的客户端 [英] WCF - Preventing Unauthorized Clients
问题描述
我有一个 WCF 服务,我只希望我的应用程序可以访问它.我的应用程序由使用 JQuery 的传统 Web 界面和 Silverlight 界面组成.这些界面都不需要用户登录.
I have a WCF service that I only want my applications to have access to. My applications consist of a traditional web interface that uses JQuery and a Silverlight interface. Neither of these interfaces require the user to login.
有没有办法让 WCF 服务只允许来自我的域的客户端?如果是这样,如何?
Is there a way that I can tell a WCF service to only allow clients that originated from my domain? If so, how?
谢谢!
推荐答案
是的,您当然可以 - 只需要您的呼叫者提供 Windows 凭据(即您域中的 Active Directory 帐户).
Yes, of course you can - just require Windows credentials (i.e. an Active Directory account in your domain) from your callers.
任何未针对您的域进行身份验证的人都将被拒绝.
Anyone not authenticated against your domain will be rejected.
您可以通过指定具有传输安全性的 netTcpBinding(如果一切都在公司防火墙之后)或具有消息安全性的 wsHttpBinding 来实现此目的:
You can do this by specifying either netTcpBinding with transport security (if everything is behind a corporate firewall), or wsHttpBinding with message security:
<bindings>
<netTcpBinding>
<binding name="DomainUsersOnly">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
<wsHttpBinding>
<binding name="HttpDomainUsersOnly">
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
现在,您需要做的就是在端点中引用这些绑定配置之一:
Now, all you need to do is reference one of those binding configurations in your endpoints:
<endpoint name="whatever"
address="......"
binding="netTcpBinding"
bindingConfiguration="DomainUsersOnly"
contract="IYourservice" />
你应该没事了.
这篇关于WCF - 防止未经授权的客户端的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!