WCF authorization service: is there an existing pattern? Suggestions?

Posted 2024-12-01 16:00:31


In our application we have a lot of different profiles. Each profile enables the user to access specific functions of the service or to perform particular actions a specific number of times.

We are thinking about creating a WCF Authorization Service to centralize the logic of everything and so "slave" applications will just reflect what this "referee" application tells them to do.

Do you think this is a good idea? Is it a pattern you have already used? Is there anything on the net that can be studied?

Thanks for your opinion.

Marco


阳光下慵懒的猫 2024-12-08 16:00:31


You might want to take a look at claims-based authentication through Windows Identity Foundation (WIF). In this model your "slave" services become what's known as a relying party (RP), which each trust the issuer (STS) of an authentication token. This token contains claims that can be customised to each RP. It's built on open standards and will likely prove far more secure and future-proof than rolling your own.

All of this will be surfaced in your services through the relatively easy WIF API that extends IPrincipal and IIdentity. Perhaps a little more work up front now but certainly providing a better solution long term?

More info here

Edit:
Your services will trust the STS. Therefore when the user walks up to your service with a set of claims issued by the STS you take these as valid. Your services don't need to contain any logic for looking up roles as it's all contained in the claim which has been defined by the STS. All you do as a service developer is decide what the user can or cannot do based on those claims. The following developer whitepaper may help (PDF).
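Added example (not from the answer, the question or WIF's own samples): a service-side ClaimsAuthorizationManager for the scenario in the question, where a profile enables functions and caps how often some of them may be used. It assumes .NET 4.5+, where the WIF types live in System.Security.Claims, and the claim types urn:example:feature and urn:example:quota are hypothetical names standing in for whatever the STS would issue.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Security.Claims;
// Claim types assumed to be issued by the STS for this scenario (hypothetical, not a WIF standard).
public static class ProfileClaims
{
    public const string Feature = "urn:example:feature"; // one claim per function the profile enables
    public const string Quota = "urn:example:quota";     // value "<action>:<count>", e.g. "export:2"
}
// Service-side decision point: the STS is trusted, so the service reasons only about the token's claims.
public class ProfileAuthorizationManager : ClaimsAuthorizationManager
{
    // Usage counters belong to the service (in-memory here; use a shared store in a real deployment).
    private readonly ConcurrentDictionary<string, int> _used = new ConcurrentDictionary<string, int>();
    public override bool CheckAccess(AuthorizationContext context)
    {
        ClaimsPrincipal principal = context.Principal;
        Claim actionClaim = context.Action.FirstOrDefault();
        if (principal == null || !principal.Identity.IsAuthenticated || actionClaim == null) return false; // deny by default
        string action = actionClaim.Value;
        if (!principal.HasClaim(ProfileClaims.Feature, action)) return false; // profile does not enable this function
        Claim quota = principal.FindAll(ProfileClaims.Quota)
            .FirstOrDefault(c => c.Value.StartsWith(action + ":", StringComparison.Ordinal));
        if (quota == null) return true;                      // enabled with no usage limit
        int limit;
        if (!int.TryParse(quota.Value.Substring(action.Length + 1), out limit))
            return false;                                    // malformed quota claim: fail closed
        Claim subject = principal.FindFirst(ClaimTypes.NameIdentifier);
        if (subject == null) return false;                   // cannot attribute usage to anyone
        int used = _used.AddOrUpdate(subject.Value + "|" + action, 1, (k, n) => n + 1);
        return used <= limit;                                // this call counts against the quota
    }
}
public static class Demo
{
    public static void Main()
    {
        // Constructed sample token: this profile may "export" twice and has no other feature.
        var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.NameIdentifier, "user-42"),
            new Claim(ProfileClaims.Feature, "export"),
            new Claim(ProfileClaims.Quota, "export:2") }, "Federation");
        var manager = new ProfileAuthorizationManager();
        var principal = new ClaimsPrincipal(identity);
        for (int i = 1; i <= 3; i++)
            Console.WriteLine("export #{0}: {1}", i, manager.CheckAccess(new AuthorizationContext(principal, "svc", "export")));
        Console.WriteLine("import: {0}", manager.CheckAccess(new AuthorizationContext(principal, "svc", "import")));
    }
}
```

In a WCF service the manager is registered in the identity configuration and invoked by the pipeline; Demo calls it directly only to show the decisions, including the third export and the unlisted import being refused.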
