[英]What is the use of Default Issuer and Default Key in Windows Azure Service Bus? Does the key need to be secured?
We have created a downloading client-service model application in which a WCF service is hosted on one of our servers and the client application is distributed among the partners. 我们创建了一个下载的客户端服务模型应用程序,其中WCF服务托管在我们的一台服务器上,并且客户端应用程序分布在合作伙伴之间。 Partners are provided with unique pin using which they can authenticate themselves with the WCF service and can place requests for downloading to the WCF Service.
为合作伙伴提供了唯一的密码,使用该密码,他们可以向WCF服务进行身份验证,并可以提出请求以下载到WCF服务。
The clients connect to the WCF Service through Windows Azure Service Bus within which we have created a namespace using which client applications can connect to the service. 客户端通过Windows Azure Service Bus连接到WCF服务,我们在其中创建了一个命名空间,客户端应用程序可以使用该命名空间连接到该服务。 Every namespace has a Default Issuer and Default Key .
每个命名空间都有一个Default Issuer和Default Key 。 We have embedded this Default key in our code when connecting to the service bus.
连接到服务总线时,我们已将此默认密钥嵌入到我们的代码中。 Somebody told me that the key needs to be secured and you need to get the application signed in order to protect the embedded key.
有人告诉我,密钥需要保护,您需要对应用程序进行签名才能保护嵌入式密钥。 Is that true?
真的吗?
Do we really need to secure this key? 我们真的需要保护此密钥吗? If yes then how?
如果是,那怎么办? and Is there a way we can simply provide authentication in Service Bus which identifies the clients from their pins and and allows only a set of people to access the service bus namespace?
有没有一种方法可以简单地在Service Bus中提供身份验证,该身份验证从其引脚识别客户端,并且仅允许一组人访问Service Bus名称空间? OR I'm uselessly getting worried on such points?
还是我对这些问题毫无用处? :)
:)
We are using Service Bus Relay. 我们正在使用服务总线中继。 I have been reading about SAS and ACS and it seems according to the documentation that SAS is not supported for Relays.
我一直在阅读有关SAS和ACS的信息,根据文档看来,中继不支持SAS。 Following is the link: "Support for Service Bus relays will be added in the near future."
以下是链接: “不久的将来将增加对服务总线中继的支持。” http://msdn.microsoft.com/en-us/library/windowsazure/dn170477.aspx
http://msdn.microsoft.com/zh-CN/library/windowsazure/dn170477.aspx
I am unable to understand how to use ACS for authenticating clients. 我无法理解如何使用ACS对客户端进行身份验证。 The information provided in the Windows Azure documentation are all bouncers for me and I can not relate them to anything no matter how hard I try.
Windows Azure文档中提供的信息对我来说都是无用功,无论我怎么努力,我都无法将它们与任何事物联系起来。
If somebody has any information for my concerns then please help me with proper links and guidance. 如果有人对我的问题有任何了解,请通过适当的链接和指导帮助我。
Thanks! 谢谢!
EDIT!!! 编辑!!! I have been searching on this and the following link provides a methodology for creating an unauthenticated client: http://msdn.microsoft.com/en-us/library/microsoft.servicebus.nettcprelaybinding.aspx
我一直在对此进行搜索,下面的链接提供了一种创建未经身份验证的客户端的方法: http : //msdn.microsoft.com/zh-cn/library/microsoft.servicebus.nettcprelaybinding.aspx
by using following tag in my client App.Config 通过在我的客户端App.Config中使用以下标记
<security relayClientAuthenticationType="None" />
I have tried this, but getting the below error: "Generic: There was an authorization failure. Make sure you have specified the correct SharedSecret, SimpleWebToken, SharedAccessSignature, or Saml transport client credentials. MissingToken: Relay security token is required." 我已经尝试过,但是收到以下错误:“通用:授权失败。请确保您指定了正确的SharedSecret,SimpleWebToken,SharedAccessSignature或Saml传输客户端凭据。MissingToken:需要中继安全令牌。”
I'm looking more about this error. 我正在寻找有关此错误的更多信息。 But few questions arise.
但是很少出现问题。 If we make the azure service bus accessible without authentication, can somebody simply misuse the service bus for their own advantage?
如果我们使azure服务总线无需身份验证即可访问,那么有人可以仅仅为了自己的利益而滥用服务总线吗?
Do we really need to secure this key?
我们真的需要保护此密钥吗?
You store Issuer and Default Key on your server side. 您将发卡行和默认密钥存储在服务器端。 To authorize on the Azure service bus, Service Bus WCF endpoint uses the Issuer and Default Key to create a token that will be signed with the Default Key that means that Default Key will never be sent to Azure.
为了在Azure服务总线上进行授权,Service Bus WCF终结点使用颁发者和默认密钥来创建令牌,该令牌将使用默认密钥进行签名,这意味着将永远不会将默认密钥发送到Azure。
Is there a way we can simply provide authentication in Service Bus which identifies the clients from their pins and and allows only a set of people to access the service bus namespace?
有没有一种方法可以简单地在Service Bus中提供身份验证,该身份验证从其引脚识别客户端,并且仅允许一组人访问Service Bus名称空间? OR I'm uselessly getting worried on such points?
还是我对这些问题毫无用处?
As far as I understood you have already implemented some kind of security on the WCF side. 据我了解,您已经在WCF端实现了某种安全性。 There is another one way of doing that.
还有另一种方法。 You can use ACS to authentificate Clients.
您可以使用ACS对客户端进行身份验证。 By Default Azure relay Service provides Support for the Simple Web Tokens.
默认情况下,Azure中继服务提供对简单Web令牌的支持。
Here is the workflow: 这是工作流程:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.