堆栈内存溢出
  简体   繁体   English

RESTful WCF服务安全性

[英]RESTful WCF service security

 原文  2012-01-19 06:10:15       wcf/ web-services/ wcf-binding/ wcf-security/ restful-authentication

问题描述

How we could authenticate/authorize WCF RESTful service (that uses webHttpBinding (and not wsHttpBinding, like in SOAP case))? 我们如何验证/授权WCF RESTful服务(使用webHttpBinding(而不是像SOAP情况那样使用wsHttpBinding))? Ie we want to use Membership/Roles to permit (or prohibit) user consume each web method according his role. 也就是说,我们要使用成员资格/角色来允许(或禁止)用户根据其角色使用每种Web方法。

Thanks in advance. 提前致谢。 Ilan. 宜兰。

1 个解决方案

解决方案1
 4 已采纳  2012-01-19 06:43:53

You can use certificates to secure the service or send the username and password in the header. 您可以使用证书来保护服务安全,也可以在标头中发送用户名和密码。 You can then add a behavior by implementing IAuthorizationPolicy to the service so that you don't have to implement the security check in every web service method that you expose. 然后,您可以通过对服务实现IAuthorizationPolicy来添加行为,这样就不必在公开的每个Web服务方法中实现安全检查。 

public class CertificateAuthorizationPolicy : IAuthorizationPolicy
{

    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        IIdentity identity;
        object untypedIdentities;
        if (!evaluationContext.Properties.TryGetValue("Identities", out untypedIdentities))
        {
            identity = null;
            return false;                                                                                                             
        }

        var identities = (IEnumerable<IIdentity>)untypedIdentities;

        identity = identities.Where(item => item.AuthenticationType == "X509").FirstOrDefault();

        var claimSet = (X509CertificateClaimSet)evaluationContext.ClaimSets[0];
        var certificate = claimSet.X509Certificate;

    }

In web.config you tell the service to use the authorization policy 在web.config中,您告诉服务使用授权策略 

    <behavior name="CertificateSecurityServiceBehavior">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceAuthorization principalPermissionMode="Custom">
        <authorizationPolicies>
          <add policyType="CertificateAuthorizationPolicy, MyAssembly.Security" />
        </authorizationPolicies>
      </serviceAuthorization>
      <dataContractSerializer maxItemsInObjectGraph="2147483647" />
    </behavior>

Another option is to setup SSL on the IIS Server so that it requires SSL and client certificate to connect to any page. 另一种选择是在IIS服务器上设置SSL,以便它需要SSL和客户端证书才能连接到任何页面。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 BizTalk RestFul WCF服务 - BizTalk RestFul WCF service 找不到WCF宁静服务 - WCF restful service not found WCF服务RESTful - Wcf service RESTful RESTful WCF 服务代理 - Proxy for RESTful WCF service 调用宁静的WCF服务 - Invoke a restful wcf service 调试RESTful WCF服务 - Debugging RESTful WCF Service WCF RESTful服务错误 - WCF RESTful Service Error RESTful WCF服务 - RESTful WCF Service jQuery和RESTful WCF服务 - jquery and RESTful wcf service 宁静的WCF服务认证 - restful WCF service authentication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM