使用窗体身份验证的其他解决方案消耗WCF MVC3应用 [英] MVC3 Application using Forms Authentication consuming WCF in other solutions
问题描述
下面是我们的情况:
-
我们有一个MVC3应用程序MVC3ABC的解决方案,S1所使用窗体身份验证安全(目前用户的详细信息都只是在web.config早期开发,但他们将是一个SQL Server数据库中推出)。
We have an MVC3 Application 'MVC3ABC' in solution S1 that is secured using Forms Authentication (currently the user details are just in the web.config for early dev but they will be in an SQL Server database soon).
MVC控制器C1通过调用其具有在溶液中的S1单独的ASP.NET Web项目.svc文件的WCF服务W1。在这种情况下,WCF服务的不的需要知道哪些特定的用户登录,只是它是一个经过验证的用户访问。
MVC Controller C1 calls through to a WCF service W1 which has the .svc file under a separate ASP.NET web project in solution S1. In this case, the WCF service does not need to know which particular user is logged in, just that it is an authenticated user accessing.
MVC视图V1将举办一个Silverlight4应用SLV1这就要求通过对已在一个的不同的的解决方案S2在一个单独的AST.NET Web项目.svc文件的WCF服务W2。在这种情况下,WCF服务的确实的需要知道哪些特定的用户登录,因为它会得到取决于不同的数据库上的用户登录到MVC网站数据。
MVC View V1 is hosting a Silverlight4 App SLV1 which calls through to a WCF service W2 which has the .svc file under a separate AST.NET web project in a different solution S2. In this case, the WCF service does need to know which particular user is logged in as it will get data from different databases depending on which user is logged into the MVC site.
所以基本上,我们要求的是,获得两个WCF服务,可以从MVC站点通过的MVC应用程序,并在W2服务的情况下已经通过身份验证的用户做了,我们需要知道它是哪个用户。 MVC的网站以外的任何访问WCF服务的需要也被验证或不应该工作(没有匿名访问WCF服务是允许的)。
So essentially, what we require is that access to the two WCF services can be done from the MVC site by users already authenticated through the MVC application and in the case of the W2 service, we need to know which user it is. Any access to the WCF services outside the MVC site needs to also be authenticated or shouldn't work (no anonymous access to the WCF services is permitted).
有没有一个标准的方法来解决这个问题呢?有谁知道任何示例项目在那里我可以看到这种事情在行动?
Is there a standard approach to solving this problem? Does anyone know of any sample projects where I can see this kind of thing in action?
这是一些额外的细节 - 我们使用Visual Studio 2012 RC,.NET 4.5和IIS7
A few extra details - we are using Visual Studio 2012 RC, .NET 4.5 and IIS7.
感谢
推荐答案
我想你想实现的是共享整个MVC应用程序和WCF服务的窗体身份验证什么。你可以这样做:)
I guess what you are trying to achieve is sharing the Forms Authentication across MVC application and the WCF services. You could do that :)
我们的想法是,你必须从MVC应用程序的WCF服务共享的cookie。
The idea is you have to share the cookie from the MVC application to the WCF services.
以下是你要照顾好做这个事情。
Following are the things you have to take care on doing this.
-
在MVC和WCF服务应该使用在web.config相同的形式和的machineKey部分。请参见这里。意味着WCF服务还应该使用窗体身份验证,其中所有三个应该共享相同的计算机密钥有被共享的cookie。
The MVC and WCF services should use the same forms and machineKey sections in the web.config. See here. Means WCF services should also use forms authentication and all the three of them should share the same machine key to have the cookie being shared.
当然的WCF服务应该在asp.net兼容模式下运行。
Of course the WCF services should run in asp.net compatibility mode.
当打电话到WCF服务,您应该手动添加的窗体身份验证cookie来传出消息头。请参见这里。
When making calls to WCF services you should manually add the forms authentication cookie to the outgoing message header. See here.
编辑:
基于业务方案的意见我更新我的答案。
Based upon the OP's comment I'm updating my answer.
以上的解决方案似乎是不错的当WCF服务,必须使用仅由MVC 并没有被其他客户端。但如果WCF服务也希望通过不同的客户端比MVC项目的其他客户机将面临艰难的时间,因为他们要构建的cookie,并追加到该请求被消耗(我不知道这是否是可能的!)。
The above solution seems to be good when the WCF service has to be used only by the MVC and not by other clients. But if the WCF service also want to be consumed by different clients other than the MVC project then the client will face tough time because they have to construct the cookie and append to the request (i'm not sure whether this is possible!).
这么少更优雅的解决办法是使WCF服务自成一体,是指单独集成的身份验证/授权机制给它。一种方法是你可以很容易的ASP.NET成员资格提供程序集成到WCF服务。通过这种方式,认证将分别发生在WCF服务端。其他的优点是第三方客户端或其他应用程序可以轻松地使用WCF服务,通过代理服务器传递凭据。
So little more elegant solution would be make the WCF services self-contained, means, integrate the authentication/authorization mechanism separately to it. One way is you can easily integrate the ASP.NET membership provider to the WCF services. By this way the authentication will happen separately at the WCF service side. The other advantages are third-party clients or other applications can easily consume the WCF service passing the credentials through the proxy.
因此,这里是一个链接,说如何配置ASP。在WCF服务网络成员提供,
So here is a link that says how to configure asp.net membership provider in WCF service,
这篇关于使用窗体身份验证的其他解决方案消耗WCF MVC3应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
