flash - Token-Based Authentication in WCF -

-

I am creating a website that will have both ASP.Net page and a Flash applet. I want to include my business logic in a WCF service that will be exposed through two concluding points: one can be used on the internet via HTTP (s), for use of Flash Client, and Application Server Data center for use by If it does not look like a good attitude, then stop me here; Otherwise, I will go ahead ...

The question is how to authenticate the requests that come from the Flash client. Since I do not want to store the user's password in a browser cookie, therefore do not want to send a password with each request, and do not want to use HTTPS after the initial login, I would not like to even do a token-based authentication system The user must enter the flash client after entering the site already, so I can find the token to the flash client I'm planning to use Javascript to sync.

I

The question is, then,: WCF know that to implement the login control. Supports to use the NET framework's built-in security framework (System.Security).

How can I pass a token to the WCF service when I'm asked by flash, and how do I process the token on the server?

  • An "ongoing token" authentication mode in WCF, but it appears that it intends to use a full token service and SAML token in a fully developed federation scenario. Is it possible to use this mode with its own "simple random string" token that I really want a bit of complexity? if so, how? Be sure to keep this requirement compatible with Flash.
  • I could potentially pass a token (possibly a SOAP header or HTTP header) at the top. In this case, once I have determined that which users are requesting, how can I inform the setting so that the system Do security checks work?
  • Should I consider different perspectives? Whatever is avoided sending password to every request, give me the system. Lets use security, and works with Flash is a possibility.

    • It seems that the original question has been answered, I will keep this brief , But an approach must actually pass authentication token in an HTTP header and override CheckAccess (OperationContacts Operation Contact, Ref message message) in a Custom ServiceAdministrator Manager

    You have already configured the service to use custom policy which is IAuthorizationPolicy applies.

    Whatever remains, implement simple IIdentity and IPrincipal classes to store your authorization status.

    Many good articles are present:

    I think it's still a "roll-yourself" "May feel like a solution, but at least be assured when you have the benefit of black-boxing your authorization code from your service practices after an established pattern.


Comments

Post a Comment

Popular posts from this blog

c# - How to capture HTTP packet with SharpPcap -

-
I would like to capture all incoming HTTP packets on my machine. To do this, I am using SharpPcap which is a WinPcap The cover is. SharpPcap works very well, but it captures TCP packets and what it wants to do for me is a very low level. Does anyone know how can I easily get full HTTP requests / reactions from all these TCP packets? Thanks SharpPcap is already able to capture the packet in the same way That's what the virus does (just in the code instead of the GUI). And you can either either parse them directly or you can put them in the drive in the common .pcap file format. The steps to parse the capture are: Open a connection at any time Loop a while Or start capturing using an event callback Parsing the raw packet for the type you want If you are reading .PPP dump files In addition to calling you an offline capture reader is almost the same, there is no need to select an interface, and you can set the majority There is no need to do the modes. All st...
Read more

php - Multiple Select with Explode: only returns the word "Array" -

-
By using Wordpress I have created a multiple selection box so that users can select categories to exclude. When the page is initially loaded, I see my predefined default option. However, when I select a new value and I save ... I only see the word "Array" and have not chosen anything else? & lt; Class = "amultiple" id = "& lt; php echo $ value ['id'] ;? gt;" name = "& gt; php echo $ value ['id'] ;; gt; []" Multiple = "multiple" size = "8" & gt; & Lt ;? Php global option; Foreign currency ($ value as value $) {if (get_settings ($ value ['id']) === FALSE {$$ value ['id'] = $ value ['std']; } And {$$ value ['id'] = get_settings ($ value ['id']); }} $ Ranges = & amp; Amp; Categories ('type = post & orderbiz = name & amp; hide_empty = 1'); If ($ ranges) {$ ex_cat = implode (',', $ tt_cat_exclude); Forex Currency ($ range a...
Read more

php - jQuery AJAX Post not working -

-
I do not understand why this script does not work. It has something to do within AJAX PostScript / Function. Right now, when I submit my form, it runs php code on the same page. What it should do, send the values ​​of the form for Project_Azax.fp, then there will be a refund of success on the page which is correct or false. $ (document) .ready (function () {$ ('div # didIt'). Hide (); $ ('form [name = adminForm]'). Submit (function () ($ {'.post' ('/ project_ajax.php', {action: $ ('[name = action]') Val (), pId: $ ('[name = pId]'). Val (), name ('[Name = name]'. Val (), url: $ ('[url = url]'). Val (), summary: ('[summary = summary]'). Val ()}, Function (data) {if (data.success) {$ ('div # didIt') .Sliddown ('slow');} and {warning ('unsuccessful SA!');}}, 'Jason'); return false ;});}); What is the code for project_ajax.php below ... if ($ _ POST ['action'] == ...
Read more