WCF (SOAP):使用自定义用户名验证器保护单个操作 - 类似于 WcfRestContrib 提供的功能,但适用于肥皂?
我希望能够在操作级别而不是服务级别上保护我的 WCF 服务。
因此,有些方法受到保护,有些则不受保护。我知道有一个名为 PrincipalPermission 的属性,但这适用于 Windows,
我希望 WCF Soap 存在某些属性,就像此 contrib 项目中的 WCF Rest 一样。 WcfRestContrib
这个额外的项目允许使用自定义用户名和密码验证器,并允许它仅通过用属性装饰方法来保护某些方法
这对于 WCF (soap) 来说可能吗?
提前致谢
I was hoping to be able to protect my WCF services on an operation level not service level.
Hence some methods are protected and others not. I know there is an attribute called PrincipalPermission but this works with Windows
I was hoping something existed for WCF Soap like it does for WCF Rest in this contrib project. WcfRestContrib
This extra project allows the use of a custom username and password validator and allow it only to protect certain methods by decorating the methods with an attribute
Is this possible with WCF (soap)?
Thanks in advance
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
是的,可以使用 WCF 中的 SOAP 进行操作级别授权检查,但您需要进行基于声明的授权(据我所知)。这就是我的团队为我们的产品所做的事情。
WCF 中的挂钩点是实现自定义 ServiceAuthorizationManger
ServiceAuthorizationManager。 CheckAccessCore 方法
如何:为服务创建自定义授权管理器
并将其插入到您的服务行为中:
当您实现授权管理器时,覆盖 CheckAccessCore,然后简单地返回 true/false 是否获得授权。
Yes, it is possible to do operation level authorization checks with SOAP in WCF, but you'll need to do claims based authorization (as far as I know). That's what my team does for our product.
The hook point in WCF is to implement a custom ServiceAuthorizationManger
ServiceAuthorizationManager.CheckAccessCore Method
How to: Create a Custom Authorization Manager for a Service
and plug that into your service behaviour:
When you implement your authorization manager, override CheckAccessCore, and then simply return true/false is they are authorized or not.