Ciao,
volevo chiedervi se mi davate delle dritte per quanto riguarda la messa in "sicurezza" di una applicazione WCF
Di seguito trovate alcune info riguardo al progetto:
STRUTTURA LATO SERVER
\gestavisservice\web.config
\GestAvisService\Account\Web.config
gestavis.svc.vb
http://localhost:7134/GestAvis.svc/
il mio obiettivo: al lancio dell’url http://localhost:7134/GestAvis.svc/ e successivi url deve
propormi il login come sotto riportato
il passo successivo sarà modificare il client affinché acceda con user e password... ma
questo lo vedrò successivamente
Magari sto sbagliando l'approccio per poter applicare della security all'applicazione, e quindi vi chiedo di indicarmi la strada corretta
Grazie
Michele
volevo chiedervi se mi davate delle dritte per quanto riguarda la messa in "sicurezza" di una applicazione WCF
Di seguito trovate alcune info riguardo al progetto:
STRUTTURA LATO SERVER
\gestavisservice\web.config
Codice:
<?xml version ="1.0" encoding="UTF-8"?>
<configuration>
<!--
Root configuration of the GestAvisService site: Entity Framework connection strings,
Forms authentication, and the SQL membership / profile / role providers.
NOTE(review): this file contains no <authorization> element, so nothing here denies
anonymous users. The only deny rule on the page sits in the second, smaller config
(presumably \GestAvisService\Account\Web.config), and a web.config in a sub-folder
only governs that folder. As shown, GestAvis.svc at the site root is therefore not
covered by any deny rule.
-->
<appSettings/>
<connectionStrings>
<add name ="GestAvisEntities"
connectionString="metadata=res://*/GestAvis.csdl|res://*/GestAvis.ssdl|res://*/GestAvis.m
sl;provider=System.Data.SqlClient;provider connection string="Data
Source=.\SQLEXPRESS;Initial Catalog=GestAvisDb;Integrated
Security=True;MultipleActiveResultSets=True""
providerName= "System.Data.EntityClient" />
<!--
NOTE(review): "ApplicationServices" is the connection used by the membership, profile
and role providers below, but it is declared as an Entity Framework (EntityClient)
string with metadata=... SqlMembershipProvider expects a plain SQL Server connection
string (Data Source=...;Initial Catalog=...), so login is likely to fail until this
entry is changed. Confirm against the database that holds the aspnet_* tables.
-->
<add name ="ApplicationServices"
connectionString="metadata=res://*/GestAvis.csdl|res://*/GestAvis.ssdl|res://*/GestAvis.m
sl;provider=System.Data.SqlClient;provider connection string="Data
Source=.\SQLEXPRESS;Initial Catalog=GestAvisDb;Integrated
Security=True;MultipleActiveResultSets=True""
providerName= "System.Data.EntityClient" />
</connectionStrings >
<system.web >
<!--
debug="true" is a development setting; set it to false before the service is
reachable by anyone other than the developer.
-->
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" >
<assemblies>
<add assembly ="System.Data.Entity, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089"/>
</assemblies>
</compilation>
<!--
Forms authentication: unauthenticated requests that hit a deny rule are redirected
(HTTP 302) to the login page rather than answered with 401, which a non-browser data
service client has to handle explicitly. timeout is in minutes, so 2880 keeps a ticket
valid for 48 hours. requireSSL is not set, so the authentication cookie is not limited
to HTTPS; the URL in the post is plain http.
-->
<authentication mode="Forms">
<forms loginUrl ="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<!--
Password policy as configured: minimum length 6, no non-alphanumeric character
required, lockout after 5 invalid attempts inside a 10 minute window. Password
retrieval is disabled and password reset is enabled without a security question.
-->
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName= "ApplicationServices" enablePasswordRetrieval="false"
enablePasswordReset=" true" requiresQuestionAndAnswer="false" requiresUniqueEmail=" false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength ="6"
minRequiredNonalphanumericCharacters="0 " passwordAttemptWindow="10" applicationName="/"
/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider"
connectionStringName= "ApplicationServices" applicationName="/"/>
</providers>
</profile >
<!--
Role providers are registered but roleManager is disabled, so role-based rules
(allow/deny roles="...") cannot be used until enabled="true".
-->
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"
connectionStringName= "ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Generic"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Linq"/>
<add namespace="System.Xml.Linq "/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<!--
NOTE(review): this overrides the list of characters ASP.NET rejects in request paths.
The ASP.NET 4 default list also contains "*" and ":", which are absent here, so this
setting loosens path validation; confirm that is intended. In the real file the "<"
and "&" characters must be written as XML entities; the page appears to show them
decoded.
-->
<httpRuntime requestPathInvalidCharacters="<, >,%,&,\,?"/>
</system.web>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
</configuration>
Codice:
<?xml version ="1.0"?>
<configuration>
<!--
URL authorization rules for the folder that contains this file (presumably
\GestAvisService\Account\Web.config from the structure listed in the post; the
page does not label this block).
These rules apply to this folder and the folders below it only. To require login for
GestAvis.svc, an equivalent <deny users="?"/> rule has to live in the root web.config,
either globally or inside a <location path="GestAvis.svc"> element. Whether ASP.NET
URL authorization is applied to .svc requests also depends on how the service is
hosted; verify with an unauthenticated request.
-->
<!-- Register.aspx stays reachable by everyone, including anonymous users. -->
<location path="Register.aspx">
<system.web>
<authorization>
<allow users= "*"/>
</authorization >
</system.web>
</location>
<!-- Everything else in this folder: anonymous users ("?") are denied. -->
<system.web >
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
gestavis.svc.vb
Codice:
Imports System.Data.Services
Imports System.Linq
Imports System.ServiceModel.Web
Imports GestAvisService.GestAvisModel
Imports System.ServiceModel
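''' <summary>
''' WCF Data Services endpoint that exposes the GestAvisEntities model.
''' </summary>
''' <remarks>
''' Diagnostics are switched off here: IncludeExceptionDetailInFaults and
''' UseVerboseErrors return exception messages and stack traces to whoever calls
''' the service, so they should be True only on a developer machine while debugging.
''' NOTE(review): the access rules below grant rights to every caller that reaches
''' the service; they do not distinguish between users. Restricting what a given
''' authenticated user may read or change needs an authorization rule in front of
''' the service plus query/change interceptors on the entity sets.
''' </remarks>
<ServiceBehavior(IncludeExceptionDetailInFaults:=False)>
Public Class GestAvis
    Inherits DataService(Of GestAvisEntities)

    ''' <summary>
    ''' Called only once to initialize service-wide policies.
    ''' </summary>
    ''' <param name="config">Data service configuration to populate.</param>
    Public Shared Sub InitializeService(ByVal config As DataServiceConfiguration)
        ' Entity sets that accept reads and writes (EntitySetRights.All).
        ' NOTE(review): All includes delete; narrow each set to the rights the
        ' client really needs once the list of operations is known.
        Dim writableSets As String() = {
            "TB_DONATORI",
            "TB_DONAZIONI",
            "TB_PUNTO_PRELIEVO",
            "TB_ATTIVITA",
            "TB_LINK_BENEM_DONAT",
            "TB_CHANGE_STATUS",
            "TB_INTERVALLO_DONAZIONE_TMP",
            "TB_INTERVALLO_DONAZIONE_STD",
            "TB_AGENDA"
        }

        For Each entitySet As String In writableSets
            config.SetEntitySetAccessRule(entitySet, EntitySetRights.All)
        Next

        ' Do not send internal error details to clients; set to True only for
        ' local debugging.
        config.UseVerboseErrors = False

        ' Make the remaining entity sets read-only.
        config.SetEntitySetAccessRule("*", EntitySetRights.AllRead)

        config.DataServiceBehavior.MaxProtocolVersion = System.Data.Services.Common.DataServiceProtocolVersion.V2
    End Sub
End Class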
http://localhost:7134/GestAvis.svc/
il mio obiettivo: al lancio dell’url http://localhost:7134/GestAvis.svc/ e successivi url deve
propormi il login come sotto riportato
il passo successivo sarà modificare il client affinché acceda con user e password... ma
questo lo vedrò successivamente
Magari sto sbagliando l'approccio per poter applicare della security all'applicazione, e quindi vi chiedo di indicarmi la strada corretta
Grazie
Michele