如何在WCF中实现客户端和服务器之间的身份验证？

I need to implement a model, where only an authorized set of clients can use a WCF server. I thought of something along passing an AUTH structure as a param inside each method call. Is this the best method to implement this kind of security, or is there an easier/better way of doing this? for example i developed and publish the service like below: http://MyServer.my.com/MyService[^] By default any any one who know the URL can consume the service. How i can set specified Set of client can consume the URL. Also how can we assure no one can change the data between communication.

我需要实现一个模型,其中只有一组授权的客户端可以使用WCF服务器。我想到了在每个方法调用中将AUTH结构作为参数传递的东西。这是实现这种安全性的最佳方法,还是有更简单/更好的方法来实现这一点?例如,我开发并发布了如下服务:http://MyServer.my.com/MyService [^]默认情况下,任何知道URL的人都可以使用该服务。如何设置指定的客户端集可以使用URL。另外,我们如何确保没有人能够在通信之间改变数据。

For eg: client send request for Balance Enquiry service with reponse 500 Rs but some one tried to change it to 500 Rs.

例如:客户端发送平衡查询服务请求,响应500卢比,但有人试图将其更改为500卢比。

1 个解决方案

#1

For authentication you can use basic authentication. If using IIS, Web Service users can be local users that have read permissions over the svc file.

对于身份验证,您可以使用基本身如果使用IIS,则Web Service用户可以是对svc文件具有读取权限的本地用户。

For channel security you can use transport mode (https). You will need a certificate for this, but it can be a self signed created by you.

对于通道安全性,您可以使用传输模式(https)。您需要一个证书,但它可以是您创建的自签名证书。

This example sets server and client: http://msdn.microsoft.com/en-us/library/ms733775%28v=vs.110%29.aspx

此示例设置服务器和客户端:http://msdn.microsoft.com/en-us/library/ms733775%28v=vs.110%29.aspx

#1