如何保护我的简单 WCF 服务中使用 FormsAuthentication 概念？

How to secure my simple WCF service using FormsAuthentication concept ?

在的ServiceContract 类似于此：

    [ServiceContract]
    public interface MovieDb
    {
        [OperationContract]
        string GetData(int value);

        [OperationContract]
        string Login(int value);

        [OperationContract]
        string Logout(int value);

    }

我在MVC 4应用程序进行身份验证和授权使用 FormsAuthentication 。

所有我能想到的是，如添加授权 Filter属性在的ServiceContract 类的顶部。

All I could think of is like adding Authorize Filter attribute at the top of the ServiceContract class.

任何指针简单来说，在很多AP preciated。谢谢你。

Any pointers in Simple terms in much appreciated. Thanks.

推荐答案

您可以使用用户名/密码（Forms身份验证）保护您的WCF：

You can secure your WCF using username/password(Forms Authentication):

信息安全与用户名客户端

如果您决定使用会员的身份验证在服务器端配置WFC添加行为配置成员：

If you decide to use membership for Authentication in WFC configuration on server side you add a behavior configuring the Membership:

<behavior name="myBehavior"> 
    <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="myRoleProvider"/>
    <serviceCredentials>
        <serviceCertificate findValue="*.mycert.net" storeLocation="LocalMachine" x509FindType="FindBySubjectName"/>
        <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="myMembershipProvidewr"/>
    </serviceCredentials>
</behavior>

您WCF能够验证这么简单

Your WCF can be validate as simple as

  [PrincipalPermission(SecurityAction.Demand, Role = "My Role")]
        public bool GetSomething(string param1)
        {
...

您可以在这里找到更多的信息： http://msdn.microsoft.com/en-us/library/ff650067.aspx

You can find additional information here: http://msdn.microsoft.com/en-us/library/ff650067.aspx