Maintaining authentication between WCF client and service? (workflow provided)
What I want to do is:
1) Authenticate the client for the first call it makes to the WCF service, this will be on a per-user basis rather than a per-application basis.
2) Check the client is authorized to make the call.
3) For subsequent calls to only authorize, with authentication having already been made in step 1 for a previous call.
OR
If the client has connected to a different instance of the service for some reason or the "handshake" is broken to re-authenticate.
I hope this makes sense, does this implicitly happen in WCF using say Username and Password authentication and authorization or do I/is there a way to write something customized? Essentially this is for efficiency.
Many thanks,
Fugu
Comments (1)
This is called a security context (or security session) and it is possible with message security. The only limitation is that the session is handled between a single service instance and a client proxy (all calls must be done on the same proxy instance).
Here is some basic configuration for allowing Security context:
EstablishSecurityContext is true by default. When you turn this on, the WS-SecureConversation protocol is used. The first call passes credentials, which are authenticated, and a security token is issued to the client. Subsequent calls use this security token to provide the client identity. This behavior is transparent to the developer, so you don't have to deal with the token at all.
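A service-side configuration for the setup the answer describes, as an added example (the answer's own configuration is not on the page, and this is not it). The service, contract, validator, authorization manager and certificate names are hypothetical placeholders.

```xml
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="secureSession">
        <!-- Message security with per-user UserName credentials. -->
        <security mode="Message">
          <!-- establishSecurityContext="true" (the default) enables
               WS-SecureConversation: credentials are validated once and a
               security context token identifies the caller afterwards. -->
          <message clientCredentialType="UserName"
                   negotiateServiceCredential="true"
                   establishSecurityContext="true" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="secureSessionBehavior">
        <serviceCredentials>
          <!-- UserName message security needs a service certificate to
               protect the credentials; "example-service" is a placeholder. -->
          <serviceCertificate findValue="example-service"
                              storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectName" />
          <!-- Hypothetical validator type: runs when the session is set up. -->
          <userNameAuthentication
              userNamePasswordValidationMode="Custom"
              customUserNamePasswordValidatorType="Example.Security.UserValidator, Example.Security" />
        </serviceCredentials>
        <!-- Hypothetical ServiceAuthorizationManager subclass: its access
             check is evaluated for every call, including calls that reuse
             the established security context. -->
        <serviceAuthorization
            principalPermissionMode="Custom"
            serviceAuthorizationManagerType="Example.Security.CallAuthorizationManager, Example.Security" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service name="Example.OrderService"
             behaviorConfiguration="secureSessionBehavior">
      <endpoint address="" binding="wsHttpBinding"
                bindingConfiguration="secureSession"
                contract="Example.IOrderService" />
    </service>
  </services>
</system.serviceModel>
```

If the proxy faults or the security session expires, a new proxy has to be created, and its first call presents the credentials again.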