WCF安全模型的概念解释？ [英] Conceptual overview of WCF security model?

问题描述

我与WCF工作的时刻，并试图实现基于围绕API密钥和签名定制的安全模式（类似于Facebook的怎么样/ Flickr的/ OAuth的等方面的工作）。

I'm working with WCF at the moment and attempting to implement a custom security model based around an API key and signature (similar to how Facebook/Flickr/OAuth etc. work).

有像ServiceAuthorizationManager，SecurityToken，SecurityTokenValidator，IAuthorizationPolicy类一会儿一堆等等，但我似乎无法找到有关如何将这些一起工作或者是什么概念的安全模型是WCF的任何文件。

There are a while bunch of classes like ServiceAuthorizationManager, SecurityToken, SecurityTokenValidator, IAuthorizationPolicy and so on, but I can't seem to find any documentation about how these work together or what the conceptual security model is for WCF.

我真的寻找的东西，详细介绍了如何这些类配合，共同努力，这样我就可以明白的地方提取凭证，在那里要验证它们是正确的，在决定什么级别的访问给他们等等。如果有一本书，我就可以买这个东西的话会更好，因为所有的WCF的书我已经找到了跳过所有这些东西完全。

I'm really looking for something that details how these classes fit and work together, so I can understand where to extract credentials, where to validate they are correct, where to decide what level of access to give them and so on. If there is a book I can buy about this stuff it would be even better, as all the WCF books I have found skip over all this stuff entirely.

是否有任何文档在那里？

Is there any documentation out there?

推荐答案

看看Juval洛伊的优秀编程WCF服务，第二版：

Take a look at Juval Lowy's excellent "Programming WCF Services," 2nd Edition:

这里的链接亚马逊的页面就可以了。

Here's the link to Amazon's page on it.

第10章是完全投入到安全性。

Chapter 10 is completely devoted to security.

微软发布了WCF安全指南 - （！）免费电子书。你可以找到它这里。

Microsoft has released a WCF Security Guide - a free(!) eBook. You can find it here.

这是一个可怕的很多信息涉水通过。祝你好运！

That's an awful lot of information to wade through. Good luck!

这篇关于WCF安全模型的概念解释？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！