添加简单的安全SOAP WCF在Azure上的web应用托管 [英] Adding simple security to SOAP WCF hosted on Azure webapp
问题描述
我主持的一个蓝色的web应用程序SOAP WCF。这种服务将是由仅服务器被消耗,不包含任何用户界面。我只需要一个服务帐户权威性地我的WCF。因为它是SOAP,我不能使用OAuth。我已阅读了关于ACS一点,但它在我的情况似乎矫枉过正,因为我只想用一个帐户,以确保我的WCF。我的想法是,我打算利用Azure的广告,以服务帐户存在,并用它来保护服务。
I have hosted a SOAP WCF on an azure web application. This service is going to be consumed by servers only and contains no UI. I only need one service account to auth my WCF. I cannot use oauth since it's SOAP. I have read up a little on ACS, but it seems overkill in my case since I just want to use one account to secure my WCF. My thinking was I was going to leverage the Azure AD to make a service account there and use it to secure the service.
这是即使在一个Web应用程序可能还是需要承载它在一个Web角色?在任何情况下,我如何根据我的premises我的WCF实现简单的安全?
Is this even possible on a web app or do i need to host it on a web role? In any case how do i accomplish simple security on my WCF based on my premises?
推荐答案
详细的解答例如
一般性讨论后,这里是对于建立运输保障+简单的密码(在IIS上premises或天青我只是测试它)
After general discussion, here is a detailed example for establishing transport security + simple password (in IIS, on premises or Azure I just tested it)
这是非常简单。结果
- 没有任何作用,不声明或编程控制基于身份的结果。
- 身份是很难codeD结果。
- 信息的安全性,更强(中间人)的任何使用结果
- 交通运输安全是最小的,因为基本身份验证是不是securized。
This is very simple.
- No role, no declarative or programmatic control based on identity.
- Identity is hard coded.
- No usage of message security that is stronger (man in the middle).
- Transport security is the minimum because Basic authentication is not securized.
这情景的安全性是短暂的落实
That security scenario is short to implement
1。与运输安全的Web服务创建
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicBindingConfiguration">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="HelloServiceLibrary.HelloService" behaviorConfiguration="customIdentificationBehavior">
<endpoint address=""
binding="basicHttpBinding"
contract ="HelloServiceLibrary.IHelloService"
name="basicEndpoint"
bindingConfiguration="BasicBindingConfiguration">
</endpoint>
2。一个模块声明找到基本认证
<system.webServer>
<modules>
<add name="BasicAuthenticationModule"
type="Security.UserNameModuleAuthenticator,App_Code/Security" />
</modules>
</system.webServer>
3。该模块的实现:
public class UserNameModuleAuthenticator : IHttpModule{
...
public void OnAuthenticateRequest(object source, EventArgs eventArgs){
HttpApplication app = (HttpApplication)source;
string authStr = app.Request.Headers["Authorization"];
string username = ...; // from header
string password = ...; // from header
if (username == "gooduser" && password == "password")
{
app.Context.User = new GenericPrincipal(new GenericIdentity(username, "Custom Provider"), null);
}
else
{
DenyAccess(app);
return;
}
传递基本身份验证 4配置客户端
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicEndpoint">
<security mode="Transport" >
<transport clientCredentialType="Basic"
proxyCredentialType="None"
realm="" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost/TransportUsernameService/HelloService.svc"
binding="basicHttpBinding" bindingConfiguration="basicEndpoint"
contract="SecureServiceReference.IHelloService" name="basicEndpoint" />
</client>
</system.serviceModel>
5。在客户机通**凭证以服务器**
HelloServiceClient client = new HelloServiceClient("basicEndpoint",
new EndpointAddress("https://testsecurewebservice.azurewebsites.net/HelloService.svc"));
client.ClientCredentials.UserName.UserName = userName;
client.ClientCredentials.UserName.Password = password;
String msg = client.SayHello(userName);
可能的扩展
- 创建/管理一些用户(使用ASP.Net提供商或定制基)
- 有一些角色
- 把一些声明权限一样的方法:
[PrincipalPermission(SecurityAction.Demand, Role = "Manager")]
在这里完整的解决方案: http://1drv.ms/1Q5j9w0
问候
这篇关于添加简单的安全SOAP WCF在Azure上的web应用托管的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!