[英]choosing wcf security mode
I am going to work on a wcf service that would expose our catalog information for several external organization to access. 我将在wcf服务上工作,该服务将公开我们的目录信息,以供多个外部组织访问。 I would like to authenticate/authorize them using a simple table in my back end which contains their login information.
我想使用后端中的一个简单表对它们进行身份验证/授权,该表包含他们的登录信息。 (right now there is only one, but could grow down the line) Should I be using the wcf message with transport credential for this scenario?
(现在只有一个,但可以沿线发展)对于这种情况,我应该使用带有传输凭据的wcf消息吗? Any thoughts/suggestions would be welcome.
任何想法/建议都将受到欢迎。 Does it even matter how they access our wcf service?
他们访问我们的wcf服务的方式甚至是否重要? I will be using vs2012.
我将使用vs2012。
Given that your clients may not be using WCF or even Windows, I would recommend using WSHttpBinding, which allows you to use message security and attach username and passwords to the request. 鉴于您的客户端可能未使用WCF甚至Windows,我建议使用WSHttpBinding,它使您可以使用消息安全性并将用户名和密码附加到请求中。 On your host you can then use a custom password validator to verify the credentials against your database.
然后,您可以在主机上使用自定义密码验证器来针对数据库验证凭据。 See http://msdn.microsoft.com/en-us/library/aa702565.aspx for more information on that.
有关更多信息,请参见http://msdn.microsoft.com/zh-cn/library/aa702565.aspx 。 SSL is also an additional option if you want the transport secured.
如果您希望传输安全,则SSL也是一个附加选项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.