WCF - 防止未经授权的客户端 [英] WCF - Preventing Unauthorized Clients

问题描述

我有一个 WCF 服务，我只希望我的应用程序可以访问它.我的应用程序由使用 JQuery 的传统 Web 界面和 Silverlight 界面组成.这些界面都不需要用户登录.

I have a WCF service that I only want my applications to have access to. My applications consist of a traditional web interface that uses JQuery and a Silverlight interface. Neither of these interfaces require the user to login.

有没有办法让 WCF 服务只允许来自我的域的客户端?如果是这样，如何?

Is there a way that I can tell a WCF service to only allow clients that originated from my domain? If so, how?

谢谢！

推荐答案

是的，您当然可以 - 只需要您的呼叫者提供 Windows 凭据(即您域中的 Active Directory 帐户).

Yes, of course you can - just require Windows credentials (i.e. an Active Directory account in your domain) from your callers.

任何未针对您的域进行身份验证的人都将被拒绝.

Anyone not authenticated against your domain will be rejected.

您可以通过指定具有传输安全性的 netTcpBinding(如果一切都在公司防火墙之后)或具有消息安全性的 wsHttpBinding 来实现此目的:

You can do this by specifying either netTcpBinding with transport security (if everything is behind a corporate firewall), or wsHttpBinding with message security:

<bindings>
   <netTcpBinding>
      <binding name="DomainUsersOnly">
         <security mode="Transport">
            <transport clientCredentialType="Windows" />
         </security>
      </binding>
   </netTcpBinding>
   <wsHttpBinding>
      <binding name="HttpDomainUsersOnly">
         <security mode="Message">
            <message clientCredentialType="Windows" />
         </security>
      </binding>
   </wsHttpBinding>
</bindings>

现在，您需要做的就是在端点中引用这些绑定配置之一:

Now, all you need to do is reference one of those binding configurations in your endpoints:

<endpoint name="whatever"
          address="......"
          binding="netTcpBinding"
          bindingConfiguration="DomainUsersOnly"
          contract="IYourservice" />

你应该没事了.

这篇关于WCF - 防止未经授权的客户端的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！