使用 Silverlight 3.0 自定义 UserNamePasswordValidator [英] Custom UserNamePasswordValidator with Silverlight 3.0
问题描述
我已经实现了一个使用 TransportWithMessageCredential 绑定和自定义 UserNamePasswordValidator 的 WCF 服务.
I have implemented a WCF service that uses a TransportWithMessageCredential binding and a custom UserNamePasswordValidator.
我有一个连接到此服务的 Silverlight 3 客户端.如果我设置了有效的凭据,它就可以完美运行,但是,在用户名验证器中,如果用户名和密码不匹配,我会抛出 SecurityTokenException.
I have a Silverlight 3 client connecting to this service. If I set valid credentials it works perfect, however, in the username validator I throw a SecurityTokenException if the username and password does not match.
现在我已经实现了一个虚拟服务调用来验证凭据,是否有一种更好"的方法来检查凭据.接受用户名和密码并返回真/假的服务方法感觉不安全.
Now I have implemented a dummy service call just to verify the credentials, is there a "nicer" way of checking the credentials. A service method that accept username and password and returns true/false doesn't feel safe.
推荐答案
我认为您以错误的方式处理安全问题.有处理这个的内置方法.查找会员提供者".例如:
I think you're going about security in the wrong way. there are builtin methods for dealing with this. Look up "Membership Providers". Ex:
这篇关于使用 Silverlight 3.0 自定义 UserNamePasswordValidator的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!