Problem description
I'm working with WCF at the moment and attempting to implement a custom security model based around an API key and signature (similar to how Facebook/Flickr/OAuth etc. work).
There are a whole bunch of classes like ServiceAuthorizationManager, SecurityToken, SecurityTokenValidator, IAuthorizationPolicy and so on, but I can't seem to find any documentation about how these work together or what the conceptual security model is for WCF.
I'm really looking for something that details how these classes fit and work together, so I can understand where to extract credentials, where to validate they are correct, where to decide what level of access to give them and so on. If there is a book I can buy about this stuff it would be even better, as all the WCF books I have found skip over all this stuff entirely.
Is there any documentation out there?
Recommended answer
Take a look at Juval Lowy's excellent "Programming WCF Services," 2nd Edition:
Here is the link to the Amazon page
Chapter 10 is completely devoted to security.
Microsoft has released a WCF Security Guide - a free(!) eBook. You can find it here.
That's an awful lot of information to wade through. Good luck!