I have found a lot of material on the web about using the ASP.NET Membership Provider with the wsHttpBindings, but I haven't seen any reference to using it with webHttpBindings.
我在Web上发现了很多关于将ASP.NET成员资格提供程序与wsHttpBindings一起使用的资料,但是我没有看到任何关于将它与webHttpBindings一起使用的参考资料。
I am looking for a system that will work in two scenarios:
我正在寻找一个可以在两种情况下工作的系统:
- The user is logged into an asp.net website and the website is making calls to the service.
- 用户登录到asp.net网站,该网站正在调用该服务。
- The user accesses the service directly via REST.
- 用户通过REST直接访问服务。
Is this possible using the built in framework (i.e. just through configuration)? If so how do I configure the service? And how does the user pass the credentials to the REST service?
这是否可以使用内置框架(即仅通过配置)?如果是,我该如何配置服务?用户如何将凭据传递给REST服务?
2 个解决方案
#1
2
The best source I've found is here: http://www.leastprivilege.com/FinallyUsernamesOverTransportAuthenticationInWCF.aspx
我发现的最好的来源是:http://www.leastprivilege.com/FinallyUsernamesOverTransportAuthenticationInWCF.aspx
The site also has tons of other information about setting up HTTP Modules to handle basic authentication (which I'm guessing you'll be using since it is kind of the standard).
该网站还有大量关于设置HTTP模块以处理基本身份验证的其他信息(我猜你将使用它,因为它是一种标准)。
The HTTP Module authentication method is located on Codeplex with sample code and everything here: http://www.codeplex.com/CustomBasicAuth
HTTP模块身份验证方法位于Codeplex上,带有示例代码和所有内容:http://www.codeplex.com/CustomBasicAuth
#2
0
ADO.NET Data Services you mean?
你的意思是ADO.NET数据服务?
You can build a QueryInterceptor for an entity and limit the access to it. For example:
您可以为实体构建QueryInterceptor并限制对它的访问。例如:
[QueryInterceptor("foo_entity")]
public Expression<Func<foo_entity, bool>> FilterMembership()
{
MembershipUser user = Membership.GetUser();
Guid userGuid = (Guid)user.ProviderUserKey;
return c => c.UserId == userGuid;
}
#1
2
The best source I've found is here: http://www.leastprivilege.com/FinallyUsernamesOverTransportAuthenticationInWCF.aspx
我发现的最好的来源是:http://www.leastprivilege.com/FinallyUsernamesOverTransportAuthenticationInWCF.aspx
The site also has tons of other information about setting up HTTP Modules to handle basic authentication (which I'm guessing you'll be using since it is kind of the standard).
该网站还有大量关于设置HTTP模块以处理基本身份验证的其他信息(我猜你将使用它,因为它是一种标准)。
The HTTP Module authentication method is located on Codeplex with sample code and everything here: http://www.codeplex.com/CustomBasicAuth
HTTP模块身份验证方法位于Codeplex上,带有示例代码和所有内容:http://www.codeplex.com/CustomBasicAuth
#2
0
ADO.NET Data Services you mean?
你的意思是ADO.NET数据服务?
You can build a QueryInterceptor for an entity and limit the access to it. For example:
您可以为实体构建QueryInterceptor并限制对它的访问。例如:
[QueryInterceptor("foo_entity")]
public Expression<Func<foo_entity, bool>> FilterMembership()
{
MembershipUser user = Membership.GetUser();
Guid userGuid = (Guid)user.ProviderUserKey;
return c => c.UserId == userGuid;
}