
WCF security when passing through to a webservice (.asmx)

The scenario is we have a WCF service that consumes methods from an internal web service that we have built.

The WCF service is very lightweight.

We want to secure this WCF service so only certain clients can consume it (it is currently sitting on a public facing server).

We do not have the ability to install certificates on this public facing server so we are wondering the best security model to use.

Ideally the thought was somehow it can be configured so that the client uses a certificate that the WCF service simply "passes on" to the internal web service as this is on a server we do control and the certificate authentication then happens.

Is this possible..? If not are there any other security options that we could employ..?

Thanks in advance.

The workaround is to use a message header and check the client's credentials in it. That is, you can pass the username and pwd in the message header and check it on the WCF service; if fine, process the request, else discard it.

I think you have to elaborate your own custom security model.

The main issue to solve is how to share a "secret key" between you and the client. You can't install a certificate, so you have to store the key in some other place, e.g. web.config inside section ... and then distribute it in a secure way to the client.

You can use this key to sign or encrypt the message; you can also use a standard schema where the password is encrypted.

Check also if you can use some WS-Security features!!!

Moreover, check for the binding authentication and protection schemas offered by .NET Framework.
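The two answers above combined, as an added example that is not part of the original posts: a custom message header is checked on the WCF service, but it carries an HMAC computed with the shared key instead of the password itself. `SharedKeyAuth`, the header names, the `urn:example:auth` namespace and the five-minute skew are hypothetical; loading the key from configuration is left to the caller.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Text;
// Added example; SharedKeyAuth, HeaderNs and the header names are hypothetical.
public static class SharedKeyAuth
{
    const string HeaderNs = "urn:example:auth";
    static readonly TimeSpan MaxSkew = TimeSpan.FromMinutes(5);

    // HMAC-SHA256 over "timestamp|action": the key never travels, and the tag is bound to one operation.
    public static string Sign(byte[] key, string timestamp, string action)
    {
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(timestamp + "|" + action)));
    }

    // Client side: call inside an OperationContextScope, passing the SOAP action of the operation about to be invoked.
    public static void AddHeaders(byte[] key, string action)
    {
        string ts = DateTime.UtcNow.ToString("o");
        var headers = OperationContext.Current.OutgoingMessageHeaders;
        headers.Add(MessageHeader.CreateHeader("Timestamp", HeaderNs, ts));
        headers.Add(MessageHeader.CreateHeader("Signature", HeaderNs, Sign(key, ts, action)));
    }

    // Service side: call at the start of each operation; missing, stale or wrong headers are rejected identically.
    public static void Verify(byte[] key)
    {
        var headers = OperationContext.Current.IncomingMessageHeaders;
        if (headers.FindHeader("Timestamp", HeaderNs) < 0 || headers.FindHeader("Signature", HeaderNs) < 0)
            throw new FaultException("Access denied");
        string ts = headers.GetHeader<string>("Timestamp", HeaderNs);
        string sig = headers.GetHeader<string>("Signature", HeaderNs);
        DateTime sent;
        if (!DateTime.TryParse(ts, CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind, out sent)
            || (DateTime.UtcNow - sent.ToUniversalTime()).Duration() > MaxSkew
            || !FixedTimeEquals(sig, Sign(key, ts, headers.Action)))
            throw new FaultException("Access denied");
    }
    // Comparison whose running time does not depend on where the strings first differ.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The signature covers only the timestamp and action, not the message body, and a captured header pair stays valid for the same operation until the skew window expires, so this check does not replace transport or message protection from the binding.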
