如何编写安全的 ClientAccessPolicy.xml 文件?
我正在使用一个 ClientAccessPolicy.xml 文件,我认为该文件几乎允许对我的 WCF 服务进行所有访问:
<?xml version=""1.0"" encoding=""utf-8""?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers=""*"">
<domain uri=""*""/>
</allow-from>
<grant-to>
<resource path=""/"" include-subpaths=""true""/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>"
到目前为止,我只想允许我的 Silverlight 应用程序和我的网站(MVC2,如果重要的话)能够访问该服务,但我不知道应该如何修改我的策略文件来做到这一点。我真的不知道他们每个人都需要什么类型的访问权限。有人可以推荐一个关于如何解决这个问题的好资源,以及关于如何具体处理我的 clientaccesspolicy.xml 文件以确保我的服务安全但仍然可以通过 BasicHttpBindings 和 WebHttpBindings 获得的建议吗?
I'm using a ClientAccessPolicy.xml file that I think allows pretty much all access to my WCF service:
<?xml version=""1.0"" encoding=""utf-8""?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers=""*"">
<domain uri=""*""/>
</allow-from>
<grant-to>
<resource path=""/"" include-subpaths=""true""/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>"
So far, I only want to allow my Silverlight application, and my website (MVC2 if that matters) to be able to access the service, but I don't know how I should modify my policy file to do that. I don't really know what type of access each of them needs. Can someone recommend a good resource on how to get caught up with that, as well as a suggestion as to what to specifically do with my clientaccesspolicy.xml file to make my service secure, but still available via BasicHttpBindings and WebHttpBindings?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
查看 Silverlight 的 HTTP 通信和安全性
发现它对解决此类问题非常有帮助。
Check out HTTP Communication and Security with Silverlight
I found it to be very helpful with these kinds of questions.