WCF Soap Web 服务和身份验证
我正在创建一个使用 basicHttpBinding(SOAP) 的 WCF 服务。我希望对网络服务的每个请求都需要帐户名和密钥,本质上是用户名和密码。目前,这些值作为参数传递给每个公开的方法。这是处理这种情况的正确方法吗?这似乎违反了 DRY,我猜有一种更简单的内置方式。我见过一些通过拦截请求将用户名和密码插入标头的示例,但这种方法似乎为客户端连接增加了相当多的工作量。
谢谢!
I am creating a WCF service which uses basicHttpBinding(SOAP). I would like each request to the webservice to require an account name and a key, essentially a username and password. Currently these values are being passed as arguments to each exposed method. Is this the proper way to handle this situation? It seems to violate DRY, and I'm guessing that there is an easier, built in way. I have seen some examples of inserting a username and a password into the headers by intercepting the request but that approach seems to add quite a bit of effort for clients connecting.
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
与其发送请求的用户名和密码,为什么不使用返回令牌并传递令牌的登录方法呢?
如果你想最小化 DRY,你可以执行以下操作:
首先,创建一个类似于以下内容的通用类,所有请求合约都继承自该类(除了登录和注销):
现在创建一个名为
private bool IsAuthenticated(string Token) 的私有函数)检查令牌。这最大限度地减少了检查身份验证的仪式。Rather then sending the user name and password ever request, why not have a login method that returns a token, and pass that?
If you want to minimize DRY you can do the following:
First, make a generic class similar to the following that all request contracts inherit from (besides Login and Logout):
Now make a private function called
private bool IsAuthenticated(string Token)that checks the token. This minimizes the ceremony of checking for authentication.