I've read several entries on the web about securing WCF Data Services (OData). I would be glad to hear your recommendation about securing WCF DS assuming it will be consumed by Java client.
I think you have a number of options available. Since it's all REST requests, the client doesn't really matter too much (except that it rules out any Windows-specific integrated stuff). :)
I've done some prototypes where I have an encrypted token in my request header which I grab in the OnStartProcessingRequest event handler. You have access to HttpContext.Current, so you can just grab the request header, validate it against your token store, and then either let the request continue or not. The client, whether it's Java, C#, JavaScript or whatever, would be responsible for creating the token and appending it to your request headers.
Last year, the WCF Data Services team put out a series of blog posts responding to some community criticism that WCF Data Services weren't that secure. They listed out a number of different scenarios on securing your WCF Data Services. Two entries in particular that I think are appropriate for your situation are these:
OData and Authentication – Part 4 – Server Side Hooks
OData and Authentication – Part 5 – Custom HttpModules
You can find all blogs in the series here.
I think those two links are useful because it's all about the server-side configuration. OData support is also contained within a RESTlet extension, but being a .NET guy, I can't give you much more info than that. :)
I hope this helps. Good luck!
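The header check described in the answer above, as an added example that is not part of the original post or of the WCF Data Services team's blog series. `X-Auth-Token`, `TokenStore`, `CatalogService`, `CatalogContext` and `Product` are hypothetical names, and keeping SHA-256 hashes of issued tokens with an expiry is an assumed token-store design.

```csharp
using System;
using System.Collections.Concurrent;
using System.Data.Services;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical token store: holds only hashes of issued tokens, each with an expiry,
// so a dump of the store does not reveal usable tokens.
public static class TokenStore
{
    static readonly ConcurrentDictionary<string, DateTime> Issued = new ConcurrentDictionary<string, DateTime>();
    static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }
    public static void Issue(string token, TimeSpan lifetime) { Issued[Hash(token)] = DateTime.UtcNow.Add(lifetime); }
    public static bool IsValid(string token)
    {
        DateTime expires;
        return !string.IsNullOrEmpty(token)
            && Issued.TryGetValue(Hash(token), out expires)
            && expires > DateTime.UtcNow;
    }
}

public class Product { public int ID { get; set; } public string Name { get; set; } }
public class CatalogContext  // constructed sample data source (reflection provider)
{
    public IQueryable<Product> Products { get { return new[] { new Product { ID = 1, Name = "sample" } }.AsQueryable(); } }
}

public class CatalogService : DataService<CatalogContext>
{
    public static void InitializeService(DataServiceConfiguration config)
    {
        config.SetEntitySetAccessRule("Products", EntitySetRights.AllRead);
    }
    protected override void OnStartProcessingRequest(ProcessRequestArgs args)
    {
        // Runs before the query executes. Under ASP.NET hosting the same header is
        // available through HttpContext.Current.Request.Headers, as the answer describes.
        string token = args.OperationContext.RequestHeaders["X-Auth-Token"];
        if (!TokenStore.IsValid(token))
            throw new DataServiceException(401, "Missing or invalid token.");
        base.OnStartProcessingRequest(args);
    }
}
```

A token carried in a header is a bearer credential, so the service endpoint should be reachable only over TLS.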