I'm currently considering creating an application to deploy to the Azure cloud. The main reason for considering Azure over Amazon is the access control service. I want to accept as many different credential types as possible for my application, especially Facebook.
Some of the users will be using the HTML-based application, others a WPF client application. The question is, how do I authenticate the client using whichever provider they want and then communicate with the WCF service? I'm guessing I need to use the web-browser component in my application, or pop up an external browser (ideally support both options for paranoid users), but I'm not clear how to then use that connection for the WCF service.
3 answers
#1
0
Consider separating the authentication of the user to the application from the authentication between application and WCF service.
To secure access to the WCF service, you can use the ACS to implement authentication using a Simple Web Token (SWT). There are several examples of this available through your search engine of choice.
Sorry I can't give you a more concrete example at the moment. I'm mobile with an i-device and thus have limited access to tools.
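The service-side check that answer #1 alludes to, as an added example (not code from the original answers or from any Microsoft sample): validating an SWT before trusting its claims. `SwtValidator` and its parameters are hypothetical names; the code assumes the SWT layout of form-encoded pairs ending in an `HMACSHA256` signature computed over the preceding bytes, with `Issuer`, `Audience` and `ExpiresOn` (Unix seconds) claims.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public static class SwtValidator   // hypothetical helper, not an ACS or WIF type
{
    const string SigMarker = "&HMACSHA256=";
    // Returns the verified claims; throws UnauthorizedAccessException on any failure.
    public static IDictionary<string, string> Validate(
        string swt, byte[] signingKey, string issuer, string audience)
    {
        // The signature is the final pair and covers every byte that precedes it.
        int cut = (swt ?? "").LastIndexOf(SigMarker, StringComparison.Ordinal);
        if (cut < 0) throw new UnauthorizedAccessException("unsigned token");
        string signedPart = swt.Substring(0, cut);
        byte[] presented, expected;
        try { presented = Convert.FromBase64String(Uri.UnescapeDataString(swt.Substring(cut + SigMarker.Length))); }
        catch (FormatException) { throw new UnauthorizedAccessException("malformed signature"); }
        // UTF-8 equals ASCII for a well-formed token, and a non-ASCII byte cannot collapse to '?'.
        using (var hmac = new HMACSHA256(signingKey))
            expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(signedPart));
        if (!FixedTimeEquals(expected, presented)) throw new UnauthorizedAccessException("bad signature");
        // Parse only after the signature checks out; reject duplicate claim names.
        var claims = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (string pair in signedPart.Split('&'))
        {
            int eq = pair.IndexOf('=');
            string name = eq > 0 ? Decode(pair.Substring(0, eq)) : null;
            if (name == null || claims.ContainsKey(name))
                throw new UnauthorizedAccessException("malformed or duplicate claim");
            claims[name] = Decode(pair.Substring(eq + 1));
        }
        string v; long exp;
        long now = (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
        if (!claims.TryGetValue("Issuer", out v) || v != issuer) throw new UnauthorizedAccessException("wrong issuer");
        if (!claims.TryGetValue("Audience", out v) || v != audience) throw new UnauthorizedAccessException("wrong audience");
        if (!claims.TryGetValue("ExpiresOn", out v)
            || !long.TryParse(v, NumberStyles.None, CultureInfo.InvariantCulture, out exp) || exp <= now)
            throw new UnauthorizedAccessException("expired or missing ExpiresOn");
        return claims;
    }
    static string Decode(string s) { return Uri.UnescapeDataString(s.Replace('+', ' ')); }
    static bool FixedTimeEquals(byte[] a, byte[] b)   // no early exit on the first differing byte
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The service would call `Validate` on the token taken from each incoming request before dispatching the operation, passing the symmetric signing key shared with ACS and the exact issuer and audience strings it expects.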
#2
0
I think your intent is to somehow authenticate/authorize users for this WCF service, right? In this case you can look at the "Windows 7 phone application" sample: http://msdn.microsoft.com/en-us/library/gg983271.aspx. In here you will see that this sample is using the "javascriptnotify" protocol.
For the WPF WebBrowser control there are many articles which describe how to get notifications from the JavaScript in the DOM.
This way you can get a token for your WPF application and then you will need to use the same token to authenticate to the WCF service.
In the case of the Web Application you can get the token from the WSFam module. One way to do this might be registering for the SecurityTokenReceived event on WSFam.
This way for both scenarios you can end up with a SAML token.
Then you can author your own custom SAML TokenProvider for the WCF and use the SAML token you got from ACS to talk to your server.
#3
0
What you're looking for is called 'active federation'. See this question
Typically, your web clients will use the passive form, in which they are redirected to a login page owned by a Security Token Service. You can't redirect a WPF or WinForms application, so your application needs to go through the motions that your browser does behind the scenes for you, including negotiating and caching the security token you receive from the STS and then presenting it on each request.