WCF - 第三方应用程序身份验证
我目前正在开发 iPhone 应用程序。此应用程序回调通过我的 ASP.NET Web 应用程序公开的 WCF 服务。目前,我的 WCF 操作如下所示:
[OperationContract]
[WebInvoke(Method = "POST")]
public string SubmitMessage(string message, int priority)
{
try
{
// Process message
// Return success code | message
}
catch (Exception)
{
// Return error code | message
}
}
我的 Web 应用程序正在使用 ASP.NET 表单身份验证。我的挑战是,我只希望经过身份验证的用户能够从他们的 iPhone 调用此操作。我知道 iPhone SDK 已经支持 XML。但是,我不确定如何锁定我的 WCF 操作,以便只有经过身份验证的用户才能访问它。
如何使我的 WCF 操作只能由来自第三方应用程序的经过身份验证的用户访问?
谢谢
I am currently working on an iPhone application. This application calls back to WCF services exposed through my ASP.NET web application. Currently, my WCF operation looks like the following:
[OperationContract]
[WebInvoke(Method = "POST")]
public string SubmitMessage(string message, int priority)
{
try
{
// Process message
// Return success code | message
}
catch (Exception)
{
// Return error code | message
}
}
My web application is using ASP.NET Forms Authentication. My challenge is, I only want authenticated users to be able to call this operation from their iPhone. I know that the iPhone SDK has baked in support for XML. However, I’m not sure how to lock down my WCF operation such that only authenticated users can access it.
How do I make my WCF operation only accessible to authenticated users from third party applications?
Thank you
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这必须在传输的双方(即服务器(WCF 站点)和客户端(iPhone))上完成。
如果您使用 SOAP 端点,那么您应该寻找 Objective-C SOAP 客户端库。这样,您所要做的就是根据您的需要设置最佳安全选项,并且您的服务器端代码将与目前几乎相同。
相反,如果您公开为 RESTful 端点,我建议您寻找 OpenID(&OAuth) 方法。这里还提供 .NET 和 Objective-C 库。我相信这个解决方案需要在双方进行更多编码。
This has to be done in both sides of the transfer, namely server (WCF site) and client (iPhones).
If you're using SOAP endpoints then you should look for Objective-C SOAP client libraries. This way all you will have to do is to setup best security options to your needs and your server-side code will be almost identical as it is at the moment.
Instead if you're exposing as RESTful endpoints I suggest you to look for an OpenID(&OAuth) approach. Here also, there are .NET and Objective-C libraries available. I belive this solution would require much more coding in both of the sides.