WCF - Common Security Scenarios

WCF常用的安全方案

随着WCF使用越来越频繁,总会遇到各种各样的问题,MSDN中的文档有时候也并不能帮我们完全解决问题,所以很多东西还是要靠自己在实践中积累。在接下来的篇幅中,我将结合对WCF的了解以及项目中的一些经验,并针对WCF常用的安全方案,通过一些小实例,给大家提供一些参考资料。


点击下载 实例源码

解决方案如图所示

所有的实例中,我们都采用同一个ServiceContractService 在这里,我们先列出来。
这里涉及的只是安全方面的问题,所以提供了一个很简单的方法,通过判断提供的Name和Password来返回一条信息。
ServiceContract:  IService.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.Text;

namespace WcfSecuritySampleLibrary
{
    [ServiceContract]
    public interface IService
    {
        [OperationContract]
        string Login(User user);
    }

    [DataContract]
    public class User
    {
        string _name = string.Empty;
        string _password = string.Empty;
        [DataMember]
        public string Name
        {
            get return _name; }
            set { _name = value; }
        }

        [DataMember]
        public string Password
        {
            get return _password; }
            set { _password = value; }
        }
    }
}

Service:  Service.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.Text;

namespace WcfSecuritySampleLibrary
{
    public class Service : IService
    {
        public string Login(User user)
        {
            string resultMsg = string.Empty;
            string welcomeMsg = "Hello ";
            if (!object.Equals(user, null))
            {
                if (string.IsNullOrEmpty(user.Name) || string.IsNullOrEmpty(user.Password))
                {
                    resultMsg = "Name or Password should not be empty";
                }
                else if (user.Name.Trim().ToLower() != "leo" || user.Password.Trim().ToLower() != "leo")
                {
                    resultMsg = "Name or Password is incorrect";
                }
                else
                {
                    resultMsg = welcomeMsg + "Leo. You are a registered user.";
                }
            }
            else
            {
                resultMsg = "System error";
            }

            return resultMsg;
        }
    }
}


接下来我们要陆续讨论具体的WCF常用安全:
Internet Unsecured Client and Service
Intranet Unsecured Client and Service
Transport Security with Basic Authentication
Transport Security with Windows Authentication
Transport Security with an Anonymous Client
Transport Security with Certificate Authentication
Message Security with an Anonymous Client
Message Security with a User Name Client
Message Security with a Certificate Client
Message Security with a Windows Client
Message Security with a Windows Client without Credential Negotiation
Message Security with Mutual Certificates
Message Security with Issued Tokens
Trusted Subsystem

posted on 2008-06-13 11:25  散步的蠕虫  阅读(359)  评论(0编辑  收藏  举报

导航