从特定来源保护WCF服务
[英]securing wcf services from specific sources
问题描述
I am using wcf services for interaction between my javascript files and server side. 
我正在使用wcf服务在我的javascript文件和服务器端之间进行交互。
I am concerened about security around this as anyone can call these services via an application, firebug etc. 我对此感到非常安全,因为任何人都可以通过应用程序,firebug等调用这些服务。
So I want to secure my web services to only be accessible from specified sources, for example the javascript files on my site - ie. 因此,我想确保只能从指定来源访问我的Web服务,例如,我网站上的javascript文件-即。 the main function why I have wcf services. 为什么我有wcf服务的主要功能。
I am running on the .net 3.5 framework in ac# web application. 我正在ac#Web应用程序中的.net 3.5框架上运行。
Could anyone assist my securing my wcf services as outlined above? 有人可以协助我保护我如上所述的wcf服务吗?
2 个解决方案
解决方案1
1 已采纳 2011-04-23 16:49:46
如果这是javascript和服务器端的组合,则可能可以从服务器端生成一个Key并将其存储在javascript变量中,然后再次传递给WCF Web服务。
解决方案2
0 2011-04-26 15:51:32
Kobe's answer of generated request keys is definitely one possible way. 科比生成的请求密钥的答案绝对是一种可能的方法。 Given that your services are running on the same machine as your UI code, another way to limit access would be to set them up as regular services and not Web Services. 鉴于您的服务与UI代码在同一台计算机上运行,另一种限制访问的方法是将它们设置为常规服务,而不是Web服务。 That is of course assuming you don't need them to be Web Services. 当然,这是假设您不需要它们成为Web服务。
Check out the cool work that the WCF team has done/ is doing with jQuery and WCF . 查看WCF团队已经/正在使用jQuery和WCF完成的出色工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.