stackoom
  简体   繁体   中英

Pass client info thru web site to WCF Rest service

 原文  2011-06-24 02:42:07       asp.net/ wcf/ rest/ soa

Question

I need to know the best approach to pass the client's information (identity, locale, etc) thru my ASP.NET website to my back-end WCF RESTful web services. I'd like the solution to be portable (reusable) to other applications as this model is very typical in my organization.

Here's the scenario:

  • The ASP.NET website runs on a web server that sits in our perimeter zone.
  • The WCF service application runs on an app server behind the firewall on our internal network.
  • The client (user) can be on our internal network or on the web when he/she browses to the website.
  • The website calls the web service to request various information or to perform certain tasks.
  • The web service needs the client's information in order to perform these operations.

Note: the website is using Forms Authentication and is NOT impersonating the user. So, passing the identity info or current culture info using WCF extensibility (behavior, inspectors, etc) only gives us the identity and culture of the web server and not the actual client.

Any suggestions?

1 answers

solution1
 0 ACCPTED  2011-06-24 08:57:22

This looks like a case for federated security.

Basically, when the user logs in you generate a session ticket. This can be a number or a string. This ticket contains encoded information about the user's identity and/or his roles, and an expiration timestamp.

You pass this session ticket to your REST calls, and the receiving server decodes the ticket to get the information he needs. If a ticket is invalid (not decryptable, outdated, or without the required rights), the server method rejects the operation and returns a 401 Unauthorized HTTP status.

To implement this, you can rely on Microsoft's implementation ( wsFederationHttpBinding ) or roll your own, which ususally requires less effort.

One more note: to generate and authenticate the tickets, you may create another service which sits behind your 2nd firewall, or you may use an in-memory DLL... But make sure that generating a ticket is not easy to do in case the webserver gets compromised.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Pass User info to WCF Web service with WCF method vs with Soap header deploying a wcf service web site ASP.NET Web Site + Windows Forms App + WCF Service: Client Credentials SignalR in WCF service to update web site clients WCF REST web service on IIS 7.5 WCF rest web service working on localhost but not on host Problems debugging WCF Web Api REST service What is the difference between Rest Web Service & rest enabled wcf service? WCF Restful service not sending response to web client Use WCF web service from client and server
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM