WCF数据服务身份验证
[英]WCF Data Service authentication
问题描述
-Is it possible to secure a WCF Data Service by using certificate-based authentication ? 
- 是否可以通过使用基于证书的身份验证来保护WCF数据服务?
-Is there a resource that describes this process ? - 是否有描述此过程的资源?
-Can we use Message security with a WCF Data service ? - 我们可以将Message安全性与WCF数据服务一起使用吗?
2 个解决方案
解决方案1
3 2011-04-05 22:43:02
The answer to all your questions is "yes". 你所有问题的答案都是“是”。 Below is a very informative link provided by the Patterns and Practices team at Microsoft to accomplish exactly what you are looking for. 以下是Microsoft的模式和实践团队提供的非常有用的链接,可以完全满足您的需求。
http://msdn.microsoft.com/en-us/library/cc949005.aspx http://msdn.microsoft.com/en-us/library/cc949005.aspx
解决方案2
2 2013-11-11 11:28:09
Certificate based Authentication can be done like this: 基于证书的身份验证可以这样完成:
Server side: 服务器端:
public class ODataService : DataService<Database>
{
public ODataService()
{
ProcessingPipeline.ProcessingRequest += ProcessingPipeline_ProcessingRequest;
}
void ProcessingPipeline_ProcessingRequest(object sender, DataServiceProcessingPipelineEventArgs e)
{
if (!HttpContext.Current.Request.ClientCertificate.IsPresent)
{
throw new DataServiceException(401, "401 Unauthorized");
}
var cert = new X509Certificate2(HttpContext.Current.Request.ClientCertificate.Certificate);
if (!ValidateCertificate(cert))
{
throw new DataServiceException(401, "401 Unauthorized");
}
var identity = new GenericIdentity(cert.Subject, "ClientCertificate");
var principal = new GenericPrincipal(identity, null);
Thread.CurrentPrincipal = principal;
HttpContext.Current.User = principal;
}
private bool ValidateCertificate(X509Certificate2 cert)
{
// do some validation
}
Client side: 客户端:
Create a partial class for your database service reference (DataServiceContext) 为数据库服务引用创建一个部分类(DataServiceContext)
public partial class Database
{
// ref: http://social.msdn.microsoft.com/Forums/en-US/0aa2a875-fd59-4f3e-a459-9f604b374749/how-do-i-use-certificate-based-authentication-with-data-services-client?forum=adodotnetdataservices
private X509Certificate clientCertificate = null;
public X509Certificate ClientCertificate
{
get
{
return clientCertificate;
}
set
{
if (value == null)
{
// if the event has been hooked up before, we should remove it
if (clientCertificate != null)
{
SendingRequest -= OnSendingRequest_AddCertificate;
}
}
else
{
// hook up the event if its being set to something non-null
if (clientCertificate == null)
{
SendingRequest += OnSendingRequest_AddCertificate;
}
}
clientCertificate = value;
}
}
private void OnSendingRequest_AddCertificate(object sender, SendingRequestEventArgs args)
{
if (null != ClientCertificate)
{
(args.Request as HttpWebRequest).ClientCertificates.Add(ClientCertificate);
}
}
Use it like this 像这样使用它
Database db = new Database(new Uri(service));
db.ClientCertificate = CertificateUtil.GetCertificateByThumbprint(StoreName.My,
StoreLocation.LocalMachine,
"<a thumbprint>");
Private key stored on client computer, public key stored on server in Local machine/Trusted Root CA 存储在客户端计算机上的私钥,存储在本地计算机/受信任根CA中的服务器上的公钥
Remember to require/negotiate client sertificate for this Site in IIS. 请记住在IIS中要求/协商此站点的客户端证书。
(Tested on WCF Data Services 5.2, VS 2012) (在WCF数据服务5.2,VS 2012上测试)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.