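For an enterprise-type WCF service, where potentially tens of thousands of clients will be authenticating and sending data to central servers, what is the "best" practice when it comes to sessions or authentication?
- Does WCF support sessions, and if so, should I use them? Or should I simply pass the username/password on a per-call basis?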
As blowdart mentioned, WCF Sessions are not the same as ASP.NET Sessions. You can read up on them here: http://msdn.microsoft.com/en-us/library/ms733040.aspx. Before you roll your own security, you'll want to get familiar with what WCF gives you out-of-the-box: http://msdn.microsoft.com/en-us/library/ms734736.aspx. They may get you close to your goal without writing a lot of code. Specifically, check out How to: Create a Secure Session. With secure sessions, the Client and Server cache credentials so you don't have to fully authenticate with each request. By default, you'll lose a secure session if the web server recycles. If you want a secure session that lasts through a recycle, you'll want to look at How to: Create a Stateful Security Context Token for a Secure Session.
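WCF does support sessions, yes; but they are not like ASP.NET sessions. Sessions are there to deliver messages in order (and other bits and bobs); they are not there to add shared storage between calls.
For authenticated service calls, you should send your authentication details every time; security is applied on a per-message basis.
If you are hosting the service in IIS, you can still use sessions from ASP.NET by enabling aspnetcompatibility for the service behavior.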