3

我正在进行关于 IIS 托管的内部辩论。对于给定的企业应用程序,我们有 N 个 WCF 服务。

一种选择是将每个 WCF 服务托管在其自己的 IIS 应用程序中。这意味着每个服务都有自己的 web.config 和 [可能] 自己的应用程序池。

另一种选择是在一个 IIS 应用程序中处理所有 WCF 服务。这意味着所有这些服务的一个 web.config 和一个应用程序池。

单个选项可以灵活地为每个服务提供不同的配置(IIS 和 web.config)。单独的应用程序池可以更精细地控制重置进程。

共享选项更简单并且可行,因为每个服务的 IIS 和应用程序配置 (web.config) 应该相同。

我正在寻找这两个选项之间的建议\最佳实践。

4

1 回答 1

0

Working in the same type of enterprise environment as the one you describe we find the best practise is as follows:

  1. Group similar functions into "Applications" which are then hosted under one WCF service. This gives us e.g. CustomerService, AccountsService etc.

  2. Each service has its own App. Domain to give it process separation and security separation from the other services. That is, each service runs under the context of an ActiveDiretory (AD) account and doing this allows us secure downstream resources such as SQL server databases.

E.g. CustomerService runs under DOMAIN\CustomerServiceUser user. We can then secure for example stored procedures related to customer functions so they can only be executed by the CustomerServiceUser user. We can then use integrated security for our connection to the SQL server. This allows enterprise permissions to be managed at the Active Directory level.

  1. We deploy using scripting for both the IIS configuration and our web.config files. This has the advantage that the IIS configuration can also be kept in source control as can the transform files for our web.config files. We then have full version history or our configuration and additionally can use this to quickly roll out additional machines if we decide to duplicate & load balance the services.

This is what we find to be the best practise although the requirements of your organisation may be different.

于 2014-12-05T09:08:31.430 回答