
Best authentication/security strategy for WCF service with multiple clients

I've been asked to investigate WCF security and authentication in order to build a set of web services that fit into our business application.

Currently our application is written with ASP.NET with a lot of back-end code written in C#, and some WCF services which rely on forms authentication. Unfortunately, as time has progressed, the code base has become very ad-hoc, therefore there is no real logical separation/layering.

In the grand scheme of things, we want a structured application with a data access layer, business logic layer, data transport layer (WCF) and various presentation layers (of which the ASP.NET website will be one).

I've been told that in future, we may also support presentation layers written using Windows Forms, WPF, Console Applications and even some written in Java (for Linux and Mac users).

I'm relatively new to WCF. I understand the basic principles of it, but when it comes to authentication/security, I'm definitely no expert!

I know there are lots of different strategies for authentication/security in WCF; I'm looking for the most suitable given the range of presentation platforms. So, given the scenario of using ASP.NET, Windows Forms, WPF, Java as the various presentation layers, what is the best strategy for authentication and security in WCF services?

The best strategy for you is going to depend on your security requirements. In other words, there is not a best strategy that applies to all solutions.

I would suggest taking a look at the WCF Security Guide. It will get you up to speed on the basics of security in WCF. It also has sections for common Intranet and Internet scenarios with prescriptive guidance for each. Based on the little bit of information you've provided here, I think you will find one of these scenarios aligns to your needs. The guide is old, but still very relevant.

Later, you may want to look at the benefits of moving to a claims-based security model. This is a huge topic so I'll just point you to this guide for future reference.
