ASP.NET membership for high-security scenarios?

Time: 2021-08-09 04:14:18

Is the ASP.NET membership system used over WCF (transport security turned on) enough for high security internet scenarios with thousands of clients spread all over the internet?

I'm just evaluating possible solutions and wanted to know if this might fit in this category.

If not, what would be the best method to provide high security access over WCF for internet scenarios?

2 solutions

#1


3  

Yes it will work; and with SSL/transport security the authentication will be protected by the transport. Will it scale? That's harder to say; it depends on too many factors.

OK, so by high security you're looking for non-repudiation? That's trickier, because of course people can share usernames and passwords. But even if you also used client certificates, well, people share certificates. I'd certainly look at WCF auditing in combination with the authentication and set SuppressAuditFailure to be false.
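
The setup this answer describes, as an added example that is not part of the original answer: a WCF service configuration that validates credentials against the ASP.NET membership provider over HTTPS and turns on security auditing with `suppressAuditFailure="false"`. The service, contract, binding, behavior and provider names are placeholders, and the choice of `wsHttpBinding` with `TransportWithMessageCredential` is an assumption.

```xml
<!-- Added example. Example.SecureService, Example.ISecureService,
     secureBinding, secureBehavior and SqlMembershipProvider are placeholder names. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="secureBinding">
        <!-- HTTPS protects the channel; the username/password travels
             as a message credential inside it (assumed binding choice). -->
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="secureBehavior">
        <serviceCredentials>
          <!-- Validate the supplied credentials against ASP.NET membership. -->
          <userNameAuthentication
              userNamePasswordValidationMode="MembershipProvider"
              membershipProviderName="SqlMembershipProvider" />
        </serviceCredentials>
        <!-- Record both successful and failed authentication and
             authorization events. suppressAuditFailure defaults to true,
             which silently ignores a failure to write the audit record;
             false surfaces that failure instead of serving the request
             unaudited. -->
        <serviceSecurityAudit
            auditLogLocation="Application"
            messageAuthenticationAuditLevel="SuccessOrFailure"
            serviceAuthorizationAuditLevel="SuccessOrFailure"
            suppressAuditFailure="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service name="Example.SecureService"
             behaviorConfiguration="secureBehavior">
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="secureBinding"
                contract="Example.ISecureService" />
    </service>
  </services>
</system.serviceModel>
```

The audit trail ties each call to a membership username, which supports investigation but, as the answer notes, does not prove who was actually holding the credential.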

#2


0  

High security means some of the information is "very confident". There may be several thousand clients that may contact the service maybe one or two times a day, so I guess scaling won't be the problem as the sessions are quite short lived.
