使用WCF索赔基于身份验证 [英] Claim Based Authentication using WCF
问题描述
我想学习要求的验证。业务服务(基于SOAP)将使用这项服务来进行验证。
能否请您给一个参考WCF简化的实施?虽然我的实际需求将在DataPower的,我想通过做手与简化WCF实现学习的概念。
这将是伟大的,文章/教程/视频(与code下载)可实现为VS2010自托管服务。
注:我没有一台服务器进行测试。得到了只有我的桌面上。
注:我将无法发展与Windows标识基础,因为我只有XP
此外,可以请你提供基于索赔的授权和基于角色的管理权限的简单对比?
参考文献:
- <一个href="http://stackoverflow.com/questions/646395/how-to-use-system-identitymodel-in-own-client-server-application">How使用System.IdentityModel在自己的客户端 - 服务器应用程序
- <一个href="http://stackoverflow.com/questions/232842/implementing-claims-based-security-wcf-asp-net">Implementing基于声明的安全性(WCF / ASP.NET)
在基于索赔的身份验证顾名思义,是有使用的权利要求,这是一种用户的身份,声称可以是用户名,密码,电子邮件等。在基于权利要求的认证,我们得到的单点登录的上特征的默认的实现,使我们可以从发行人获得的认证,并在一开始提供证书一次访问应用
在基于角色的认证我们有角色其中指定哪个用户被允许访问哪些application.Some次单符号我们执行基于角色的认证通过它,如果用户提供的凭证在开始并试图访问应用程序他未经过验证,那么他就会这么做禁止。
I am trying to learn Claim Based Authentication. The business services (based on SOAP) will be using this service for authentication.
Can you please give a reference to a simplified implementation in WCF? Though my actual requirement will be in DataPower, I want to learn the concepts by doing hands on with simplified WCF implementations.
It would be great that article/tutorial/video (with code download) can be implemented as a self hosted service in VS2010.
Note: I don’t have a server to test. Has got my desktop only.
Note: I won’t be able to develop with Windows Identity Foundation since I have only XP.
Also, can you please provide a brief comparison of claim based authorization and role based authorization?
REFERENCE:
- How to use System.IdentityModel in own client-server application
- Implementing claims-based security (WCF/ASP.NET)
In claim based authentication as the name indicates, there is a use of claims, which is a sort of identity of a user, claim can be a username, password, email etc. In claim based authentication we get a default implementation of single sign on feature by which we can access application by getting an authentication from an issuer, and providing the credentials once in the beginning.
In role based authentication we have roles which specify that which user is allowed to access which application.Some times with single sign we implement the role based authentication by which if a user provides the credential in the beginning and tries to access an application which he is not authenticated, then he will be barred from doing so.
这篇关于使用WCF索赔基于身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
