简体繁体 English

WCF服务IIS为外部客户端构建用户记录的服务

[英]WCF Service IIS to build user logged services for external clients

原文 2014-12-02 08:52:57 7 2 c#/ asp.net/ web-services/ wcf/ iis

I'm starting in .net and wcf services, sorry if what i'm asking is wrong or has nosense. 我是从.net和wcf服务开始的，如果我要问的是错误的或没有任何意义，请对不起。 By the way, sorry for my english too. 顺便说一句，我的英语也很抱歉。

I'm trying to build several WCF services hosted on IIS where the internet clients can login with their username / password (info stored in db). 我正在尝试构建在IIS上托管的几个WCF服务，Internet客户端可以使用其用户名/密码（信息存储在db中）登录。 When they are logged, they can access their info, see their private documents, change their profile and more actions related to their account. 登录后，他们可以访问其信息，查看其私人文档，更改其个人资料以及与其帐户相关的更多操作。

Well, in asp.net if I get the session after success login, i can build services like "GetMyDocs" and i know "who is", just checking the session username stored with the session ID when he calls the login and his session don't timed-out. 好吧，在asp.net中，如果我成功登录后获得了会话，那么我可以构建“ GetMyDocs”之类的服务，并且我知道“谁是”，只要在他调用登录名和会话不登录时检查与会话ID一起存储的会话用户名不会超时。 But i've noticed that WCF Services are stateless, so this seems i have to send in all requests the username / pwd and check them in the DB before executing the service... always!? 但是我注意到WCF服务是无状态的，所以看来我必须发送所有请求用户名/ pwd并在执行服务之前在数据库中检查它们...总是！！

Later, if i want to build a client desktop / Android / iOS application, i will use those services. 以后，如果我要构建客户端桌面/ Android / iOS应用程序，我将使用这些服务。 They then can manage their personal and private data through those apps after a success login. 成功登录后，他们便可以通过这些应用程序管理其个人和私人数据。

How should i handle this? 我该如何处理？ Are WCF Services the way to go or WCF aren't a good choice for that? WCF服务是顺其自然吗，还是WCF并不是一个好的选择？ How can i handle the user identification with WCF? 如何使用WCF处理用户标识？ Because all my services are linked to a user and "GetMyDocs", "SaveNewConfig", "PayItem"... needs to identify who is calling. 因为我所有的服务都链接到一个用户，并且“ GetMyDocs”，“ SaveNewConfig”，“ PayItem” ...需要标识谁在呼叫。

Thanks in advance!! 提前致谢！！ Regards! 问候！

2 个解决方案

But i've noticed that WCF Services are stateless 但是我注意到WCF服务是无状态的

This statement is kind of wrong. 这种说法是错误的。 Because you could easily create a "WCF-based" web service with state enabled. 因为您可以轻松创建启用状态的“基于WCF”的Web服务。 Furthermore, state is such a broad term that is not worth covering here. 此外，国家是一个广义的术语，在这里不值得涵盖。 For example, you could use session state with a WCF service, or you could set the InstanceContextMode property of a service to one of the following: 例如，您可以将会话状态与WCF服务一起使用，或者可以将服务的InstanceContextMode属性设置为以下之一：

PerCall 永久通话
PerSession 每次会话
Single 单

and of course, it all depends on how you configure the service itself. 当然，这完全取决于您如何配置服务本身。

If your service needs to be consumed by different clients, you should consider at implementing a RESTful service along with OAuth 2.0 or something similar where you can authenticate a request using the Basic Authentication header or by issuing an access token after a successful authentication. 如果您的服务需要由不同的客户端使用，则应考虑与OAuth 2.0或类似的东西一起实现RESTful服务，在其中您可以使用基本身份验证标头或通过在成功身份验证后发出访问令牌来对请求进行身份验证。

There are a number of ways to provide authentication to a WCF service. 有多种方法可以为WCF服务提供身份验证。 One of them is by using a session (basicHttp does not support session, you have to use wshttp, or any of several other transports that support session). 其中之一是通过使用会话（basicHttp不支持会话，您必须使用wshttp或支持会话的其他几种传输方式中的任何一种）。 However, enabling session is a huge amount of overhead simply to avoid sending credentials on each request. 但是，仅为了避免在每个请求上发送凭据，启用会话是巨大的开销。

Session reduces scalability by quite a bit, but if you aren't worried about it... it's an option. 会话在很大程度上降低了可伸缩性，但是如果您不担心它，这是一个选择。