问题描述
我是通过从ASP.NET页jQuery的$。阿贾克斯()调用一个WCF Web服务(.NET 4.0)。我怎样才能确保WCF服务,这样只有经过身份验证的用户ASP.NET可以调用该服务的方法呢?我是否需要手动势在必行检查窗体身份验证cookie中的每个服务的方法,还是有一个更声明的方式?
I am invoking a WCF web service (.NET 4.0) via jQuery $.ajax() from an ASP.NET page. How can I secure the WCF service such that only authenticated ASP.NET users can invoke the service's methods? Do I need to imperatively check the forms authentication cookie manually in each service method, or is there a more declarative approach?
推荐答案
SOLUTION :中移动服务目录(或任何目录将坚持固定服务)下的.svc文件并确保该目录有自己的web.config。配置位置否认匿名用户:
SOLUTION: Move the .svc files under a "Services" directory (or any directory that will hold the services to be secured) and secure that directory with its own web.config. Configure the location to deny anonymous users:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
这篇关于使用ASP.NET窗体身份验证WCF服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!