WPF and WCF Data Services Authenticate at Query level?

So, I swear I'm utterly confused by how to secure WCF Data Services. In that, is there a simplified way of checking to make sure that the client that is sending the data to the WCF Service is authenticated, more so, that the client itself is the client I wrote and not some mock client?

Any URLs that can help me decode this problem?


I'm using an API key to "secure" my services over HTTPS and only allow access to specific IP addresses with IIS. Just override OnStartProcessingRequest() like so:

    protected override void OnStartProcessingRequest(ProcessRequestArgs Args)
    {
        // allow the metadata to be retrieved without specifying an API key by appending $metadata on the end
        if (Args.RequestUri.Segments.Last().Replace("/", String.Empty) != "$metadata")
        {
            // check if a valid API key has been passed in (see Configuration.xml)
            if (!IsValidAPIKey(Args.OperationContext.RequestHeaders["APIKey"])) throw new DataServiceException("Invalid API key");
        }

        base.OnStartProcessingRequest(Args);
    }

    private bool IsValidAPIKey(string PassedAPIKey)
    {
        if (!String.IsNullOrEmpty(PassedAPIKey))
        {
            Guid APIKey;

            // Configuration.APIKeys is just a simple list that reads from an XML file
            if (Guid.TryParse(PassedAPIKey, out APIKey) && Configuration.APIKeys.Exists(x => x.Key == APIKey)) return true;
        }

        return false;
    }

My XML file:

    <?xml version="1.0" encoding="utf-8" ?>
    <ArrayOfAPIKey xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <APIKey Key="ee5346fa-bca5-4236-ae6c-f35ae2f69e0b" ApplicationName="blah" />
    </ArrayOfAPIKey>

My client side:

    base.SendingRequest += (s, e) => { e.Request.Headers.Add("APIkey", "your-api-key-here"); };
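
A hardened variant of the `IsValidAPIKey` check above, added here as an example and not part of the original answer: the configuration holds SHA-256 digests of the issued keys instead of the keys themselves, and each comparison runs in fixed time. `ApiKeyStore`, its hex-digest input and the sample GUID are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-in for Configuration.APIKeys: holds SHA-256 digests, not raw keys.
public sealed class ApiKeyStore
{
    private readonly List<byte[]> _digests;
    public ApiKeyStore(IEnumerable<string> hexDigests) => _digests = hexDigests.Select(h => FromHex(h)).ToList();

    // Hash the canonical "D" form so every accepted GUID spelling maps to one digest.
    public static byte[] Digest(Guid key)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(Encoding.ASCII.GetBytes(key.ToString("D")));
    }

    public bool IsValid(string headerValue)
    {
        if (!Guid.TryParse(headerValue, out Guid key)) return false; // missing or malformed
        byte[] candidate = Digest(key);
        bool match = false;
        foreach (byte[] stored in _digests) match |= FixedTimeEquals(stored, candidate); // no early exit
        return match;
    }
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    private static byte[] FromHex(string hex) => Enumerable.Range(0, hex.Length / 2)
        .Select(i => Convert.ToByte(hex.Substring(i * 2, 2), 16)).ToArray();
}

public static class Demo
{
    public static void Main()
    {
        Guid issued = Guid.Parse("11111111-2222-3333-4444-555555555555"); // constructed sample key
        string hex = BitConverter.ToString(ApiKeyStore.Digest(issued)).Replace("-", "");
        var store = new ApiKeyStore(new[] { hex });
        Console.WriteLine(store.IsValid("{11111111-2222-3333-4444-555555555555}")); // braced spelling
        Console.WriteLine(store.IsValid(Guid.NewGuid().ToString()));               // key never issued
        Console.WriteLine(store.IsValid(null));                                    // header absent
    }
}
```

In the service, `OnStartProcessingRequest` would call `IsValid(Args.OperationContext.RequestHeaders["APIKey"])` and throw `new DataServiceException(401, "Invalid API key")` on failure. The key still only identifies whoever holds it; a key embedded in a WPF client can be read by anyone who runs that client.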


WCF Data Services uses the normal authN/authZ components of the vanilla WCF stack. How do you host your service (typically in IIS) and what kind of authentication scheme are you using?

Update: The Astoria/WCF Data Services team has an excellent blog post series on WCF Data Services and Authentication: http://blogs.msdn.com/b/astoriateam/archive/tags/authentication/
