
WF4: How to Authorize Access to a Workflow Service

Posted on 2010-02-07 14:56  生鱼片

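The ServiceAuthorizationManager class provides authorization access checking for service operations.

Each time an attempt is made to access a resource, the Windows Communication Foundation (WCF) infrastructure calls the CheckAccessCore method. The method returns true if access is allowed and false if access is denied.

1.       Develop a custom ServiceAuthorizationManager as follows: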

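using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Security.Principal;
using System.ServiceModel;

namespace CaryWF
{
    public class CaryServiceAuthorizationManager : ServiceAuthorizationManager
    {
        // Accounts or groups allowed to call the service, from appSettings["ServiceAllow"].
        private readonly String[] serviceAllows;

        public CaryServiceAuthorizationManager()
        {
            // A missing key gives an empty allow list, so every caller is denied.
            String allowString = ConfigurationManager.AppSettings["ServiceAllow"] ?? String.Empty;
            serviceAllows = allowString.Split(',')
                                       .Select(s => s.Trim())
                                       .Where(s => s.Length > 0)
                                       .ToArray();
        }

        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            // No security context (for example, a binding without security): deny.
            var securityContext = operationContext.ServiceSecurityContext;
            if (securityContext == null)
                return false;

            var authCtx = securityContext.AuthorizationContext;
            object value;
            if (!authCtx.Properties.TryGetValue("Identities", out value))
                return false;

            var identities = value as IList<IIdentity>;
            if (identities == null)
                return false;

            foreach (var ident in identities)
            {
                // Only Windows identities can be checked against the allow list.
                var windowsIdent = ident as WindowsIdentity;
                if (windowsIdent != null)
                {
                    var windowsPrincipal = new WindowsPrincipal(windowsIdent);
                    foreach (String allow in serviceAllows)
                    {
                        Boolean fInRole = windowsPrincipal.IsInRole(allow);
                        if (fInRole)
                            return true;
                    }
                }
            }
            // No identity matched an allowed entry.
            return false;
        }
    }
}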

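2.       Create a new project.

Add the allowed-users setting to Web.config. By default, a workflow service uses basicHttpBinding, which does not support authorization, so we need to change it to wsHttpBinding and also configure serviceAuthorization. The web.config is as follows: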

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="ServiceAllow" value="shsunplus\cary.sun"/>
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceAuthorization serviceAuthorizationManagerType="CaryWF.CaryServiceAuthorizationManager, CaryWF" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
      <add scheme="http" binding="wsHttpBinding"/>
    </protocolMapping>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>

 

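3.       Test the service with WCFTestClient, as follows:

A successful call:

[Screenshot: successful call in WCFTestClient]

A user who is not listed in the configuration is rejected, as follows:

[Screenshot: call rejected in WCFTestClient]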
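
The following is an added example, not code from the original post: a variant of the authorization manager from step 1 that makes the same allow-list decision but writes every allow or deny decision to a trace source, so rejected callers such as the one in step 3 leave a record. It reads the caller from ServiceSecurityContext.WindowsIdentity instead of the "Identities" property; the class name, trace source name and event ids are assumptions.

```csharp
using System;
using System.Configuration;
using System.Diagnostics;
using System.Linq;
using System.Security.Principal;
using System.ServiceModel;

namespace CaryWF
{
    // Added example: allow-list check plus an audit record for each decision.
    public class AuditingServiceAuthorizationManager : ServiceAuthorizationManager
    {
        // Hypothetical trace source name and event ids (1000 = allow, 1001 = deny).
        private static readonly TraceSource Audit = new TraceSource("CaryWF.Authorization");
        private readonly string[] allowed;

        public AuditingServiceAuthorizationManager()
        {
            // Missing key => empty allow list => every caller is denied.
            string raw = ConfigurationManager.AppSettings["ServiceAllow"] ?? string.Empty;
            allowed = raw.Split(',').Select(s => s.Trim()).Where(s => s.Length > 0).ToArray();
        }

        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            // The SOAP action is caller-supplied: strip line breaks before logging it.
            string action = (operationContext.IncomingMessageHeaders.Action ?? "(none)")
                .Replace("\r", " ").Replace("\n", " ");
            ServiceSecurityContext sec = operationContext.ServiceSecurityContext;
            WindowsIdentity caller = sec == null ? null : sec.WindowsIdentity;
            // Anonymous or non-Windows callers can never match the allow list.
            if (caller == null || !caller.IsAuthenticated)
                return Deny("(unauthenticated)", action);
            // First allow-list entry (account or group) the caller satisfies, or null.
            var principal = new WindowsPrincipal(caller);
            string matched = allowed.FirstOrDefault(a => principal.IsInRole(a));
            if (matched == null)
                return Deny(caller.Name, action);
            Audit.TraceEvent(TraceEventType.Information, 1000,
                "ALLOW caller={0} via={1} action={2}", caller.Name, matched, action);
            return true;
        }

        private static bool Deny(string caller, string action)
        {
            Audit.TraceEvent(TraceEventType.Warning, 1001, "DENY caller={0} action={1}", caller, action);
            return false;
        }
    }
}
```

To use it, point serviceAuthorizationManagerType at this class and add a listener for the trace source under system.diagnostics in Web.config; without a listener the decisions are made but not recorded.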