验证 WCF 数据服务
我正在尝试通过 Silverlight 对 WCF DataServices 服务的调用进行身份验证。本质上,当用户登录时,他们会获得一个特殊的哈希值,该哈希值应嵌入到 WCF 数据服务的每个请求的标头中。目前,通过 QueryInterceptor 方法将此用作检查,例如,
[QueryInterceptor("Orders")]
public Expression<Func<Orders,bool>> OnQueryOrders()
{
string hash = WebOperationContext.Current.IncomingRequest.Headers.Get("MyHeader");
if(!TestHash(hash))
{
return o => false;
}
else
{
return o => true;
}
}
这似乎是实现此目的的最差方法。 WCF 数据服务中是否有任何在查询运行之前运行的挂钩可用于取消请求?请记住,此服务是无状态的,并且无法访问会话。
I am trying to authenticate calls to a WCF DataServices service via Silverlight. Essentially, when a user logs in they get a special hash which should be embedded in the headers of every request to the WCF DataServices. Currently use this as a check via a QueryInterceptor method eg
[QueryInterceptor("Orders")]
public Expression<Func<Orders,bool>> OnQueryOrders()
{
string hash = WebOperationContext.Current.IncomingRequest.Headers.Get("MyHeader");
if(!TestHash(hash))
{
return o => false;
}
else
{
return o => true;
}
}
This seems like the WORST way to achieve this. Is there any hook in WCF Dataservices the runs before a query is run that you can use to cancel a request? Bear in mind this service is stateless and has no access to session.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
事实上我想我自己解决了这个问题。通过重写 OnStartProcessingRequest 我可以抛出异常,如果它不适合,例如
Actually I think I resolved this issue myself. By overriding the OnStartProcessingRequest I can throw an exception if it doesn't suit e.g.
您考虑过 WCF 消息检查器吗?我认为(不保证)消息检查器将在查询拦截器之前被命中,因此您可以检查标头并验证用户哈希值。这是一个很好的链接,其中包含 编写消息检查器
Have you considered WCF Message Inspectors? I think (not guaranteed) the message inspector will be hit before the query interceptor so and you can inspect the headers and verify the users hashed value. Here's a good link with info on Writing Message Inspectors