在WCF中如何配置基于asp.net role的授权机制,看了些时日,总算有点眉目了 。
以下是一个典型的通过自定义的role-based (principalPermissionMode=UseAspNetRoles)来进行授权的WCF service config file.
Code
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name='ServiceBehavior'>
<serviceAuthorization principalPermissionMode='UseAspNetRoles' roleProviderName='AuthorizationStoreRoleProvider' />
<serviceMetadata httpGetEnabled ='true'/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="Service.ResourceAccessServiceType"
behaviorConfiguration='ServiceBehavior'>
<host>
<baseAddresses>
<add baseAddress='net.tcp://localhost:9000/Woodgrove'/>
<add baseAddress='http://localhost:8000/Woodgrove'/>
</baseAddresses>
</host>
<endpoint address="ResourceAccess"
binding="netTcpBinding"
contract="Service.IResourceAccessContract" />
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
<!-- Role Provider Configuration -->
<system.web>
<roleManager defaultProvider="AuthorizationStoreRoleProvider"
enabled="true"
cacheRolesInCookie="true"
cookieName=".ASPROLES"
cookieTimeout="30"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="All" >
<providers>
<clear />
<add
name="AuthorizationStoreRoleProvider"
type="System.Web.Security.AuthorizationStoreRoleProvider"
connectionStringName="AuthorizationServices"
applicationName="RoleProvider" />
</providers>
</roleManager>
</system.web>
<!-- Connection Strings -->
<connectionStrings>
<add
name="AuthorizationServices"
connectionString="msxml://D:\documentation\AuthorizationStore.xml" />
</connectionStrings>
</configuration>
而通过azMan生成的授权配置 xml文件(该文件路径:D:\documentation\AuthorizationStore.xml)如下
Code
<?xml version="1.0" encoding="utf-8"?>
<AzAdminManager MajorVersion="1" MinorVersion="0">
<AzApplication Guid="ce0032aa-9b1a-4243-b065-ee654d1ec90d" Name="RoleProvider" Description="" ApplicationVersion=""><AzOperation Guid="497d2e02-18d4-49d2-b8ef-88bc58828509" Name="SomeOperation" Description=""/><AzTask Guid="c1ca5e81-099b-4ba0-ab94-d3c9ed583b72" Name="Manager" Description="" BizRuleImportedPath="" RoleDefinition="True"/><AzTask Guid="a9dfdf2b-fe2a-4573-93e0-28a2e2afe234" Name="StaffMember" Description="" BizRuleImportedPath="" RoleDefinition="True"/><AzRole Guid="2381420b-45e9-4c27-9fd5-299e241aa4df" Name="Manager"><TaskLink>c1ca5e81-099b-4ba0-ab94-d3c9ed583b72</TaskLink><Member>S-1-5-21-2146773085-903363285-719344707-661121</Member></AzRole><AzRole Guid="36e60ed8-fc70-4b12-9353-95a96e13e431" Name="StaffMember"><TaskLink>a9dfdf2b-fe2a-4573-93e0-28a2e2afe234</TaskLink><Member>S-1-1-0</Member></AzRole></AzApplication></AzAdminManager>
那么,什么是azMan,如何配置?这里推荐一片极好的文章,讲解了如何利用azMan对于中间层的.net 应用程序实现role-based的身份安全验证机制。
链接地址如下:http://msdn.microsoft.com/zh-cn/magazine/cc300469(en-us).aspx