惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

I
InfoQ
F
Full Disclosure
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Threatpost
AWS News Blog
AWS News Blog
The GitHub Blog
The GitHub Blog
G
GRAHAM CLULEY
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
Latest news
Latest news
S
SegmentFault 最新的问题
C
Cisco Blogs
T
Tenable Blog
爱范儿
爱范儿
H
Hackread – Cybersecurity News, Data Breaches, AI and More
S
Securelist
S
Schneier on Security
博客园 - 三生石上(FineUI控件)
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Microsoft Azure Blog
Microsoft Azure Blog
C
CERT Recently Published Vulnerability Notes
NISL@THU
NISL@THU
T
Threat Research - Cisco Blogs
IT之家
IT之家
博客园_首页
C
Cyber Attacks, Cyber Crime and Cyber Security
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
K
Kaspersky official blog
aimingoo的专栏
aimingoo的专栏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Privacy International News Feed
腾讯CDC
A
About on SuperTechFans
Y
Y Combinator Blog
月光博客
月光博客
C
Check Point Blog
Last Week in AI
Last Week in AI
Know Your Adversary
Know Your Adversary
Hugging Face - Blog
Hugging Face - Blog
U
Unit 42
WordPress大学
WordPress大学
T
The Exploit Database - CXSecurity.com
H
Hacker News: Front Page
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Vulnerabilities – Threatpost
Cyberwarzone
Cyberwarzone
L
LINUX DO - 热门话题
MongoDB | Blog
MongoDB | Blog
T
Troy Hunt's Blog

博客园 - 散步的蠕虫

[整理收藏]CSS Hack IE6,IE7,IE8 and Firefox 【转载】Javascript标准DOM Range操作 [收藏]winform拖动方法 [收藏]SQL SERVER2005自动备份 [更新+源码]一个随时随地随便记的超轻量级的记事本软件WheneverNote V1.0.9.218 [发布+源码]一个随时随地随便记的超轻量级的记事本软件WheneverNote V1.0.9.215 [总结]Server Application Error(IIS5 HTTP500)内部错误分析及解决办法 [转载]XML和HTML常用转义字符 C# TO Excel 新概念III WCF - Message Security with Mutual Certificates 【转载】LINQ to SQL (Part 5 - Binding UI using the ASP:LinqDataSource Control) 【转载】LINQ to SQL (Part 4 - Updating our Database) 【转载】LINQ to SQL (Part 3 - Querying our Database) 【转载】LINQ to SQL (Part 2 - Defining our Data Model Classes) 【转载】Using LINQ to SQL (Part 1) 常用开发辅助工具清单 JavaScript 实用方法库 Local Resource应用概述
WCF - Common Security Scenarios
散步的蠕虫 · 2008-06-13 · via 博客园 - 散步的蠕虫

WCF常用的安全方案

随着WCF使用越来越频繁,总会遇到各种各样的问题,MSDN中的文档有时候也并不能帮我们完全解决问题,所以很多东西还是要靠自己在实践中积累。在接下来的篇幅中,我将结合对WCF的了解以及项目中的一些经验,并针对WCF常用的安全方案,通过一些小实例,给大家提供一些参考资料。


点击下载 实例源码

解决方案如图所示

所有的实例中,我们都采用同一个ServiceContractService 在这里,我们先列出来。
这里涉及的只是安全方面的问题,所以提供了一个很简单的方法,通过判断提供的Name和Password来返回一条信息。
ServiceContract:  IService.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.Text;

namespace WcfSecuritySampleLibrary
{
    [ServiceContract]
    
public interface IService
    
{
        [OperationContract]
        
string Login(User user);
    }


    [DataContract]
    
public class User
    
{
        
string _name = string.Empty;
        
string _password = string.Empty;
        [DataMember]
        
public string Name
        
{
            
get return _name; }
            
set { _name = value; }
        }


        [DataMember]
        
public string Password
        
{
            
get return _password; }
            
set { _password = value; }
        }

    }

}


Service:  Service.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.Text;

namespace WcfSecuritySampleLibrary
{
    
public class Service : IService
    
{
        
public string Login(User user)
        
{
            
string resultMsg = string.Empty;
            
string welcomeMsg = "Hello ";
            
if (!object.Equals(user, null))
            
{
                
if (string.IsNullOrEmpty(user.Name) || string.IsNullOrEmpty(user.Password))
                
{
                    resultMsg 
= "Name or Password should not be empty";
                }

                
else if (user.Name.Trim().ToLower() != "leo" || user.Password.Trim().ToLower() != "leo")
                
{
                    resultMsg 
= "Name or Password is incorrect";
                }

                
else
                
{
                    resultMsg 
= welcomeMsg + "Leo. You are a registered user.";
                }

            }

            
else
            
{
                resultMsg 
= "System error";
            }


            
return resultMsg;
        }

    }

}

接下来我们要陆续讨论具体的WCF常用安全:

Internet Unsecured Client and Service
Intranet Unsecured Client and Service
Transport Security with Basic Authentication
Transport Security with Windows Authentication
Transport Security with an Anonymous Client
Transport Security with Certificate Authentication
Message Security with an Anonymous Client
Message Security with a User Name Client
Message Security with a Certificate Client
Message Security with a Windows Client
Message Security with a Windows Client without Credential Negotiation
Message Security with Mutual Certificates
Message Security with Issued Tokens
Trusted Subsystem