How to secure data over WCF (dynamic security)


Problem description

How can I secure data across WCF?

This isn't the standard WCF authentication question. What I need to do is lock the data down and make sure that none of it can be sent to a client who isn't allowed to see it.

I have WCF authentication to check the validity of the client but I need to put a wrapper around the service layer to restrict data.

In this poor example I describe the issue; http://www.website.com/customers.aspx?CustomerId=1

Now a 'hacker' of the lowest quality changes the querystring to customerid=2. The authenticated user shouldn't be allowed to see this customer data.

What is the standard practice for locking down data? Is there anything built into WCF which I could use?

Recommended answer

WCF only supports authentication and, with role-based security, also operation-based authorization. You need data-driven authorization. It is up to you to build it in your operations or business layer.
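
The data-driven check the answer describes, placed in the service operation, as an added example that is not part of the original answer. The contract, the `Customer` type, the `OwnerUserName` field and the in-memory store are hypothetical and the sample rows are constructed; only `ServiceSecurityContext` and `FaultException` are WCF's own.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;

// Hypothetical contract and data types; none of these names come from the page.
[ServiceContract]
public interface ICustomerService
{
    [OperationContract]
    Customer GetCustomer(int customerId);
}

public class Customer
{
    public int CustomerId { get; set; }
    public string Name { get; set; }
    public string OwnerUserName { get; set; } // account allowed to read this row
}

public class CustomerService : ICustomerService
{
    // Constructed sample data standing in for the real data layer.
    private static readonly Dictionary<int, Customer> Store = new Dictionary<int, Customer>
    {
        { 1, new Customer { CustomerId = 1, Name = "Contoso", OwnerUserName = "alice" } },
        { 2, new Customer { CustomerId = 2, Name = "Fabrikam", OwnerUserName = "bob" } }
    };

    public Customer GetCustomer(int customerId)
    {
        // Identity established by WCF authentication, never a client-supplied parameter.
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
            throw new FaultException("Access denied.");
        return Authorize(customerId, ctx.PrimaryIdentity.Name);
    }

    // Data-driven check kept separate from WCF plumbing so it can be unit tested.
    internal static Customer Authorize(int customerId, string caller)
    {
        Customer c;
        bool allowed = Store.TryGetValue(customerId, out c)
            && string.Equals(c.OwnerUserName, caller, StringComparison.OrdinalIgnoreCase);
        // Same fault for "missing" and "not yours", so IDs cannot be enumerated.
        if (!allowed)
            throw new FaultException("Access denied.");
        return c;
    }
}
```

With these constructed rows, a caller authenticated as `alice` gets customer 1 and receives the access-denied fault for customer 2, whatever ID the client sends.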
