How to secure a WCF Service

I have a WCF service hosted in IIS. I have another website hosted in ASP.NET MVC. It is a public web site. I want to secure my WCF service so that it won't be accessible from any applications other than my MVC application, or those to which I give access.

Can I do this using forms authentication?

Update:

I had gone through several examples, but I couldn't get an effective one. I don't want to use SSL. A login feature is not there in my web application. If required, a programmatic login can be implemented. All I need is to deny access if the service is not called from my website. I've done this in a web service using forms authentication. But here, the HttpContext is null.

Yes, you can. WCF calls go through the same pipeline so that if you check for specific principals (usernames or roles), your checks will fail/succeed depending on the Forms cookie.

More details in my blog entry

http://netpl.blogspot.com/2010/04/aspnet-forms-authentication-sharing-for.html

where I show how to share the forms identity between a web app and a hosted Silverlight app which calls WCF services.

In case of yet another type of the client application, the way you get the cookie value at the client side can vary. Silverlight just inherits cookies from the web application it is run from.

Assuming your client is a console application, you could even expose an unguarded method from the WCF service which accepts loginname+password and returns the cookie to the client. This way, the console application would first call this unguarded method to log in the user and then, using the returned cookie, would call other WCF services guarded with forms authentication.
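
One way to implement the login-then-call pattern described in the answer above, as an added example that is not code from the answer or its linked blog post. `IOrderService`, `OrderService` and the use of the membership provider are assumptions; it also assumes ASP.NET compatibility mode is enabled, because without it `HttpContext.Current` is null inside a WCF operation.

```csharp
// Added example. Assumed web.config settings:
//   <system.web><authentication mode="Forms" /></system.web>
//   <system.serviceModel>
//     <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
//   </system.serviceModel>
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.Web;
using System.Web.Security;

[ServiceContract]
public interface IOrderService   // hypothetical contract
{
    [OperationContract] bool Login(string userName, string password);
    [OperationContract] string GetOrders();
}

// Required: the service refuses to start unless compatibility mode is on,
// so the HttpContext-based checks below can never be silently skipped.
[AspNetCompatibilityRequirements(
    RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class OrderService : IOrderService
{
    // Unguarded operation: the only one callable without the Forms cookie.
    public bool Login(string userName, string password)
    {
        // Assumption: credentials live in the configured membership provider.
        if (!Membership.ValidateUser(userName, password))
            return false;
        // Writes the Forms ticket as a Set-Cookie header on the HTTP response.
        FormsAuthentication.SetAuthCookie(userName, false);
        return true;
    }

    // Guarded operation: rejects any call that lacks a valid Forms cookie.
    public string GetOrders()
    {
        RequireAuthenticatedCaller();
        return "orders for " + HttpContext.Current.User.Identity.Name;
    }

    private static void RequireAuthenticatedCaller()
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx == null || ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            throw new FaultException("Access denied.");
    }
}
```

A client on `basicHttpBinding` needs `allowCookies="true"` on the binding so that the cookie set by `Login` is sent on later calls. Over plain HTTP both the password and the cookie travel unencrypted, so anyone who can observe the traffic can replay them.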
