WCF会话或每次通话通过用户名/密码？ [英] WCF sessions or pass username/password per call?

问题描述

有关企业类型的WCF服务，在这里的数千客户潜在的10K的将被认证和发送数据到中央服务器，什么是最好的做法，当涉及到会话或认证？

1. 不支持WCF的会话，如果是，我应该使用它？
   或者我应该只是在每个呼叫的基础上通过用户名/密码？

解决方案

blowdart 提到，WCF会话是不同ASP.NET会话。您可以在他们在这里读了：<一href=\"http://msdn.microsoft.com/en-us/library/ms733040.aspx\">http://msdn.microsoft.com/en-us/library/ms733040.aspx.在你滚你自己的安全，你要熟悉什么WCF给你出的即装即用：<一href=\"http://msdn.microsoft.com/en-us/library/ms734736.aspx\">http://msdn.microsoft.com/en-us/library/ms734736.aspx.他们可能让你接近你的目标，而无需编写大量的code的。具体来说，请查看如何创建一个安全的对话。有了安全的会话，客户端和服务器的高速缓存的凭证，所以你不必与每个请求完全验证。默认情况下，即使你的Web服务器回收失去一个安全会话。如果你想通过回收持续安全会话，你会想看看如何创建一个状态安全上下文令牌的安全会话。

For an enterprise type WCF service, where potentially 10K's of thousands of clients will be authenticating and sending data to central servers, what is 'best' practice when it comes to sessions or authentication?

1. does WCF support a session, if yes, should I use it? or should I simply pass username/password on a per call basis?

解决方案

As blowdart mentioned, WCF Sessions are not the same as ASP.NET Sessions. You can read up on them here: http://msdn.microsoft.com/en-us/library/ms733040.aspx. Before you roll your own security, you'll want to get familiar with what WCF gives you out-of-the-box: http://msdn.microsoft.com/en-us/library/ms734736.aspx. They may get you close to your goal without writing a lot of code. Specifically, check out How to: Create a Secure Session. With secure sessions, the Client and Server cache credentials so you don't have to fully authenticate with each request. By default, you'll lose a secure session if the web server recycles. If you want a secure session that lasts through a recycle, you'll want to look at How to: Create a Stateful Security Context Token for a Secure Session.

这篇关于WCF会话或每次通话通过用户名/密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！