通过 IIS 中的表单身份验证公开 WCF 服务:如何使元数据 (?wsdl) 公开,但操作受到保护
我们有一些通过 IIS 托管的 WCF 服务。该应用程序通常使用表单身份验证,我们希望继续将其提供给 Web 服务客户端。我们的 web.config 中只有一个
问题是我们希望用户无需身份验证即可访问服务的元数据。他们可以匿名访问 /services/v1/ArtifactService.svc?wsdl 但仍需要对 /services/v1/ArtifactService.svc/rest/GetArtifacts?studyId=123 进行身份验证?如果是这样,我无法找出配置中正确的咒语。
我能想到的最好办法是在元数据服务行为中设置绝对 URL,但随后我必须修改我们部署的任何地方的安装路径。 (
有什么想法吗?
We've got some WCF services we're hosting via IIS. The application in general uses Forms Authentication, and we'd like to continue making that available for web service clients. We just have a <authorization><deny users="?"> in our web.config and some authentication/redirection goodness that gets everything done.
The problem is we'd like for users to be able to access the metadata for the services without authentication. Can they visit /services/v1/ArtifactService.svc?wsdl anonymously and yet still require authentication for /services/v1/ArtifactService.svc/rest/GetArtifacts?studyId=123? If so, I can't figure out the right incantation in the configuration.
The best I can think of is to set an absolute URL in the metadata service behavior, but then I have to doctor the path on install anywhere we deploy. (<serviceMetadata httpGetEnabled="true" httpGetUrl="http://some/absolute/path">).
Any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我认为这是不可能的。如果您需要使用allow和deny元素对资源进行授权,则无法根据url查询指定不同的授权级别。您必须控制服务中的授权-PrincipalPermission。
I think this is not possible. If you require authorization on the resource by using allow and deny elements you can't specify different authorization level based on url query. You have to control authorization in the service - PrincipalPermission.