堆栈内存溢出
  简体   繁体   English

WCF WebService安全性:如何在WebService上使用安全性?

[英]WCF WebService Security: How do I use security on a WebService?

 原文  2010-06-29 15:08:54       c#/ wcf/ web-services/ authentication/ soap

问题描述

I created a simple .NET WebService (it just passes back a string). 我创建了一个简单的.NET WebService(它只是传回一个字符串)。 How do I modify the server side (and possibly the client side) so that it also uses a username/password to validate before sending a response? 如何修改服务器端(可能还有客户端),使其在发送响应之前也使用用户名/密码进行验证?

Client Code: 客户代码: 

static void Main(string[] args)
{
    UpdateClient client = new UpdateClient("UpdateSOAPIIS");

    client.ClientCredentials.UserName.UserName = "Michael";
    client.ClientCredentials.UserName.Password = "testpassword";

    String response = client.GetString("New York, NY");

    Console.WriteLine(response);

    if (client != null) client.Close();
}

Server Code: 服务器代码: 

public virtual GetStringResponse GetString(GetStringRequest request)
{
    return new GetStringResponse("Search Location: " + request.location);
}

2 个解决方案

解决方案1
 4 已采纳  2010-06-29 16:16:32

I recommend reading Juval Lowy's excellent article Declarative WCF Security . 我建议阅读Juval Lowy的出色文章Declarative WCF Security He describes five common scenarios (intranet, internet, b2b, anonymous, no security at all) and shows what that means, how to accomplish that etc. 他描述了五个常见方案(内部网,互联网,b2b,匿名,完全没有安全性),并说明了这意味着什么,如何实现等。

He even goes as far as creating declarative attributes that you can basically just put on your service declaration and be done with it. 他甚至还创建了声明性属性,您基本上可以将它们放在服务声明中并完成它。

Those security scenario should really cover at least 80%, if not 95% of your typical cases. 这些安全方案实际上应该至少覆盖您典型情况的80%(如果不是95%)。 Study them and use them! 学习并使用它们! Highly recommended 强烈推荐

解决方案2
 1  2010-06-29 15:22:48

It really depends on what kind of security you want. 这实际上取决于您想要哪种安全性。 Should the protocol be encrypted, should the data be encrypted, or do you just want to authenticate a user. 应该对协议进行加密,对数据进行加密还是只想对用户进行身份验证。 In the last case you can just go ahead and use whatever technology you want to verify that the user has permissions to use the API. 在最后一种情况下,您可以继续使用所需的任何技术来验证用户是否有权使用该API。 For other options and some code, check out this MSDN article http://msdn.microsoft.com/en-us/library/ms731925.aspx 有关其他选项和一些代码,请查看此MSDN文章http://msdn.microsoft.com/zh-cn/library/ms731925.aspx

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Web服务安全 - WebService Security WCF客户端使用WS-Security Web服务 - WCF Client consuming WS-Security webservice 传递到Web服务(.asmx)时的WCF安全性 - Wcf security when passing through to a webservice (.asmx) 消耗Web服务-WS安全 - Consume a webservice - WS Security 如何在WCF Web服务应用程序中引用文件? - How do I reference a file in a WCF Webservice application? 如何在没有序列化错误的情况下返回WCF Web服务 - How do I return a WCF webservice without having the Serialization Error 如何将方法绑定到自托管WCF Web服务的根目录? - How do I bind a method to the root of a self hosted WCF webservice? Android使用WCF(webservice) - Android use WCF(webservice) 用于上传数据的Web服务:安全性考虑因素 - Webservice for uploading data: security considerations 如何从JavaScript使用WCF Web服务 - How to use wcf webservice from javaScript
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM