I'm new to using WCF and need some help configuring security for a simple WCF 4.0 service. I want to allow one particular domain user account to be able to access the service and no one else. I've seen some sample code where the account's credentials are sent via the proxy in the client application calling the service, like this:
proxy.ClientCredentials.Windows.ClientCredential.UserName = "MyUsername";
proxy.ClientCredentials.Windows.ClientCredential.Password = "MyPassword";
But I can't figure out how to configure the endpoint in my service to accept that user as the only one authorized to use the service. Here is the code for my endpoint:
<endpoint address="" binding="wsHttpBinding" bindingConfiguration=""
contract="EvalServiceLibrary.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
By default, your wsHttpBinding will be using Windows credentials, which works fine in a LAN/corporate intranet environment.
In order to limit who can call your service, you need to decorate your service class (the implementation) with restrictions - this cannot be done in config.
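You can define principal permissions on a per-operation (service method) basis:
using System.Security.Permissions;

public class MyService : IMyServiceContract
{
    // Only this Windows account passes the demand; other callers get a SecurityException.
    [PrincipalPermission(SecurityAction.Demand, Name = "Domain\\YourUserName")]
    public void Method1() { /* ... */ }
}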
In this case, only the user Domain\YourUserName can call this method - anyone else will get a security exception.
Read more about the Fundamentals of WCF Security - especially page 4 where role-based security is discussed.
Of course, extensibility is one of WCF's hallmark features - and this gentleman here has created a custom authentication module which allows you to use Windows credentials (users and roles) and define your WCF security settings in your config file.
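The principal permission demand described in the answer above is evaluated against Thread.CurrentPrincipal, which WCF populates from the caller's Windows identity under its default authorization settings. The following is an added example, not code from the original posts, targeting .NET Framework: it simulates two callers with GenericPrincipal so the allow and deny paths can be seen without hosting a service. The class name EvalService, the account CONTOSO\svc-eval and the helper CallAs are assumptions made for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Stand-in for the service implementation; CONTOSO\svc-eval is a constructed account name.
public class EvalService
{
    // Declarative check: evaluated against Thread.CurrentPrincipal before the body runs.
    [PrincipalPermission(SecurityAction.Demand, Name = @"CONTOSO\svc-eval")]
    public string Method1()
    {
        return "ok";
    }

    // Imperative equivalent, useful when the allowed account is read from configuration.
    public string Method2(string allowedAccount)
    {
        new PrincipalPermission(allowedAccount, null).Demand();
        return "ok";
    }
}

public static class Program
{
    // Hypothetical helper: puts a simulated caller identity on the thread,
    // then invokes the operation and reports whether the demand passed.
    static string CallAs(string account, Func<string> operation)
    {
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(account), new string[0]);
        try { return operation(); }
        catch (SecurityException) { return "denied"; }
    }

    public static void Main()
    {
        var service = new EvalService();
        // Authorized account, then two attempts by a different account.
        Console.WriteLine(CallAs(@"CONTOSO\svc-eval", service.Method1));
        Console.WriteLine(CallAs(@"CONTOSO\someone-else", service.Method1));
        Console.WriteLine(CallAs(@"CONTOSO\someone-else",
            () => service.Method2(@"CONTOSO\svc-eval")));
    }
}
```

In a hosted service the rejected caller does not receive the SecurityException itself; WCF returns an access-denied fault to the client instead.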