WCF 安全模型的概念概述? [英] Conceptual overview of WCF security model?

问题描述

我目前正在使用 WCF，并尝试实现基于 API 密钥和签名的自定义安全模型(类似于 Facebook/Flickr/OAuth 等的工作方式).

I'm working with WCF at the moment and attempting to implement a custom security model based around an API key and signature (similar to how Facebook/Flickr/OAuth etc. work).

有一些类，如 ServiceAuthorizationManager、SecurityToken、SecurityTokenValidator、IAuthorizationPolicy 等，但我似乎找不到任何关于它们如何协同工作或 WCF 概念安全模型的文档.

There are a while bunch of classes like ServiceAuthorizationManager, SecurityToken, SecurityTokenValidator, IAuthorizationPolicy and so on, but I can't seem to find any documentation about how these work together or what the conceptual security model is for WCF.

我真的在寻找可以详细说明这些类如何配合和协同工作的内容，以便我可以了解在哪里提取凭据、在哪里验证它们是正确的、在哪里决定授予它们什么级别的访问权限等等.如果我能买到一本关于这些东西的书，那就更好了，因为我找到的所有 WCF 书籍都完全跳过了所有这些东西.

I'm really looking for something that details how these classes fit and work together, so I can understand where to extract credentials, where to validate they are correct, where to decide what level of access to give them and so on. If there is a book I can buy about this stuff it would be even better, as all the WCF books I have found skip over all this stuff entirely.

那里有任何文档吗?

推荐答案

看看 Juval Lowy 出色的Programming WCF Services"，第 2 版:

Take a look at Juval Lowy's excellent "Programming WCF Services," 2nd Edition:

这是到亚马逊页面的链接

第 10 章完全致力于安全性.

Chapter 10 is completely devoted to security.

Microsoft 发布了 WCF 安全指南 - 免费(！)电子书.您可以在此处找到它.

Microsoft has released a WCF Security Guide - a free(!) eBook. You can find it here.

要浏览的信息太多了.祝你好运！

That's an awful lot of information to wade through. Good luck!

这篇关于WCF 安全模型的概念概述?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！