WCF/jQuery 安全性
我有一组启用了 AspNetCompatibility 的 WCF 服务,并从 jQuery 使用它们。我的网络应用程序需要身份验证。此处仅使用逻辑(因为我缺乏足够的知识)是否意味着 WCF 将可访问并仅限于当前登录的用户?我知道有人可以捕获通信数据并尝试稍后重用它(我没有 ssl),但为此他应该登录。
我自己的乐观主义是对、错还是愚蠢?
I have a set of WCF services with AspNetCompatibility enabled and consume them from jQuery. My web application requires authentication. Using only logic here (as I lack enough knowledge) does that mean WCF will be accessible and limited only to currently logged users? I know one can catch communication data and try to reuse it later (I don't have ssl) but for that he should be logged in.
Right, wrong or just stupid in my own optimism?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
是的,因为您启用了 ASP.NET 兼容性并且使用 ASP.NET 安全性,所以只要您对 WCF 资源有正确的
仅当您允许“*”时,未经身份验证的用户才无法访问您的 WCF 服务。
您可以在这篇 MSDN 文章的标题为以下的部分中阅读有关此内容的更多信息以 ASP.NET 兼容模式托管 WCF 服务。
Yes, because you have ASP.NET compatibility enabled and because you're using ASP.NET security, as long as you have the proper
<authorization>setting for the WCF resource it should be secured by ASP.NET security. At bare minimum this means you should have authorization defined as follows on the WCF resource:Only if you allowed "*" would your WCF service be inaccessible to non-authenticated users.
You can read more about this here in this MSDN article under the section titled Hosting WCF Services in ASP.NET Compatibility Mode.