对于简单的安全性不高的wcf如果寄宿在IIS中wcf的验证完全可基于asp.net 的窗体验证http://blog.csdn.net/shanyou/archive/2009/09/06/4680978.aspx
该文对“WCF服务中操作FormsAuthentication的Cookie”操作有详细的说明
// 建立user wcf锲约 [ServiceContract(Namespace = "" )] public interface IUser { [OperationContract] LoginMessage DoWork( string name); [OperationContract] LoginMessage Login( string username, string pass); [OperationContract] void SignOut(); } /// <summary> /// login DataContract /// </summary> [DataContract] public class LoginMessage { [DataMember] public string Text; } // 实现接口 // 注意: 如果更改此处的类名 "User",也必须更新 App.config 中对 "User" 的引用。 [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)] public class User : IUser { public LoginMessage DoWork( string name) { LoginMessage a = new LoginMessage(); if (UserAuthenticate.isAuthenticate()) { a.Text = " hello " + HttpContext.Current.User.Identity.Name.Trim(); } else { a.Text = " notlogin " ; } return a; } public LoginMessage Login( string username, string pass) { LoginMessage a = new LoginMessage(); if (username == " xgr2004 " && pass == " 123456 " ) { UserAuthenticate.VerifyUser(username, pass); a.Text = " true " ; } else { a.Text = " false " ; } return a; } public void SignOut() { UserAuthenticate.SignOut(); } // 验证部分,这里拷了我给出连接 public class UserAuthenticate { static public string VerifyUser( string username, string password) { System.Web.Security.FormsAuthentication.SetAuthCookie(username, true ); // 创建验证票 System.Web.Configuration.FormsAuthenticationConfiguration formsConfig = new System.Web.Configuration.FormsAuthenticationConfiguration(); FormsAuthenticationTicket formAuthTicket = new FormsAuthenticationTicket( 1 , // 版本 username, // 用户名称 DateTime.Now, // 创建时间 DateTime.Now.AddMinutes(formsConfig.Timeout.TotalMinutes), // 失效时间 true , "" ); // 用户数据 // 加密票 string encryptedTicket = FormsAuthentication.Encrypt(formAuthTicket); // 以加密票的密文存入Cookie HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); authCookie.HttpOnly = true ; authCookie.Path = FormsAuthentication.FormsCookiePath; authCookie.Secure = FormsAuthentication.RequireSSL; if (FormsAuthentication.CookieDomain != null ) { authCookie.Domain = FormsAuthentication.CookieDomain; } if (formAuthTicket.IsPersistent) { authCookie.Expires = formAuthTicket.Expiration; } HttpContext.Current.Response.Cookies.Add(authCookie); FormsIdentity identity = new FormsIdentity(formAuthTicket); GenericPrincipal principal = new GenericPrincipal(identity, null ); HttpContext.Current.User = principal; return "" ; return null ; } static public bool isAuthenticate() { return HttpContext.Current.User.Identity.IsAuthenticated; } static public void SignOut() { FormsAuthentication.SignOut(); HttpContext.Current.Session.Clear(); } }
|
源代码下载
代码的相关介绍: 网上查阅了相关WCF的例子,一般都要证书,对于简单的安全性不高的wcf如果寄宿在IIS中wcf的验证完全可基于asp.net 的窗体验证http://blog.csdn.net/shanyou/archive/2009/09/06/4680978.aspx 该文对“WCF服务中操作FormsAuthentication的Cookie”操作有详细的说明
|
当点击登陆,用户名为xgr2004时就登陆,成功登陆后然后点操作就会显示hello name的说明
反之如果没有登陆就显示notlogin
转载:http://www.cnblogs.com/Guroer/archive/2010/01/30/1660214.html
341
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
