WCF Custom Security con User e Password

HolidaySoft.it

HolidaySoft.it

Utente Attivo
16 Ott 2012
105
0
0
Milano
www.holidaysoft.it
Ciao,
volevo chiedervi se mi davate delle dritte per quanto riguarda la messa in "sicurezza" di una applicazione WCF
Di seguito trovate alcune info riguardo al progetto:
STRUTTURA LATO SERVER

Struttura_Server.png

\gestavisservice\web.config
Codice: 
<?xml version ="1.0" encoding="UTF-8"?>
<configuration>
<appSettings/>
<connectionStrings>
<add name ="GestAvisEntities"
connectionString="metadata=res://*/GestAvis.csdl|res://*/GestAvis.ssdl|res://*/GestAvis.m
sl;provider=System.Data.SqlClient;provider connection string=&quot;Data 
Source=.\SQLEXPRESS;Initial Catalog=GestAvisDb;Integrated 
Security=True;MultipleActiveResultSets=True&quot;"
providerName= "System.Data.EntityClient" />
<add name ="ApplicationServices"
connectionString="metadata=res://*/GestAvis.csdl|res://*/GestAvis.ssdl|res://*/GestAvis.m
sl;provider=System.Data.SqlClient;provider connection string=&quot;Data 
Source=.\SQLEXPRESS;Initial Catalog=GestAvisDb;Integrated 
Security=True;MultipleActiveResultSets=True&quot;"
providerName= "System.Data.EntityClient" />
</connectionStrings >
<system.web >
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" > 
<assemblies>
<add  assembly ="System.Data.Entity, Version=4.0.0.0, Culture=neutral, 
PublicKeyToken=b77a5c561934e089"/>
</assemblies>
</compilation>
<authentication mode="Forms">
<forms  loginUrl ="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add  name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName= "ApplicationServices" enablePasswordRetrieval="false"
enablePasswordReset=" true" requiresQuestionAndAnswer="false" requiresUniqueEmail=" false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength ="6"
minRequiredNonalphanumericCharacters="0 " passwordAttemptWindow="10" applicationName="/"
/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add  name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider"
connectionStringName= "ApplicationServices" applicationName="/"/>
</providers>
</profile >
<roleManager enabled="false">
<providers>
<clear/>
<add  name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"
connectionStringName= "ApplicationServices" applicationName="/"/>
<add  name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager> 
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
<namespaces>
<clear/>
<add  namespace="System"/>
<add  namespace="System.Collections"/>
<add  namespace="System.Collections.Generic"/>
<add  namespace="System.Collections.Specialized"/>
<add  namespace="System.Configuration"/>
<add  namespace="System.Text"/>
<add  namespace="System.Text.RegularExpressions"/>
<add  namespace="System.Linq"/>
<add  namespace="System.Xml.Linq "/>
<add  namespace="System.Web"/>
<add  namespace="System.Web.Caching"/>
<add  namespace="System.Web.SessionState"/>
<add  namespace="System.Web.Security"/>
<add  namespace="System.Web.Profile"/>
<add  namespace="System.Web.UI"/>
<add  namespace="System.Web.UI.WebControls"/>  
<add  namespace="System.Web.UI.WebControls.WebParts"/>
<add  namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<httpRuntime  requestPathInvalidCharacters="&lt;, &gt;,%,&amp;,\,?"/>
</system.web>
<!-- 
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
</configuration>
\GestAvisService\Account\Web.config

Codice: 
<?xml version ="1.0"?>
<configuration>
<location path="Register.aspx">
<system.web>
<authorization>
<allow users= "*"/>
</authorization >
</system.web>
</location>
<system.web >
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

gestavis.svc.vb
Codice: 
Imports System.Data.Services
Imports System.Linq
Imports System.ServiceModel.Web
Imports GestAvisService.GestAvisModel
Imports System.ServiceModel

<ServiceBehavior(IncludeExceptionDetailInFaults:=True)>
Public Class GestAvis
    Inherits DataService(Of GestAvisEntities)

    ' This method is called only once to initialize service-wide policies.
    Public Shared Sub InitializeService(ByVal config As DataServiceConfiguration)
        'Public Shared Sub InitializeService(ByVal config As IDataServiceConfiguration)
        ' Make certain entity sets writable.
        config.SetEntitySetAccessRule("TB_DONATORI", EntitySetRights.All)
        config.SetEntitySetAccessRule("TB_DONAZIONI", EntitySetRights.All)
        config.SetEntitySetAccessRule("TB_PUNTO_PRELIEVO", EntitySetRights.All)
        config.SetEntitySetAccessRule("TB_ATTIVITA", EntitySetRights.All)
        config.SetEntitySetAccessRule("TB_LINK_BENEM_DONAT", EntitySetRights.All)
        config.SetEntitySetAccessRule("TB_CHANGE_STATUS", EntitySetRights.All)
        config.SetEntitySetAccessRule("TB_INTERVALLO_DONAZIONE_TMP", EntitySetRights.All)
        config.SetEntitySetAccessRule("TB_INTERVALLO_DONAZIONE_STD", EntitySetRights.All)
        config.SetEntitySetAccessRule("TB_AGENDA", EntitySetRights.All)

        config.UseVerboseErrors = True
        ' Make the remaining entity sets read-only.
        config.SetEntitySetAccessRule("*", EntitySetRights.AllRead)
        config.DataServiceBehavior.MaxProtocolVersion = System.Data.Services.Common.DataServiceProtocolVersion.V2
    End Sub

End Class


http://localhost:7134/GestAvis.svc/
Risultato_Server.png

il mio obiettivo: al lancio dell’url http://localhost:7134/GestAvis.svc/ e successivi url deve
propormi il login come sotto riportato
Login_asp.png

il passo successivo sara’, modificare il client affinche’ acceda con user e password.. ma
questo lo vedro’ successivamente

Magari sto sbagliando l'approccio per poter applicare della security all'applicazione, e quindi vi chiedo di indicarmi la strada corretta

Grazie
Michele
 
Devi accedere o registrarti per poter rispondere.
Discussioni simili
Autore Titolo Forum Risposte Data
HolidaySoft.it Distribuzione progetto WCF .NET Framework 6
felino [C#] Ordinare un livello specifico di un custom tree .NET Framework 0
I [WordPress] pagine custom all'interno di un tema WordPress 0
felino [WordPress] QTranslate, Permalink, Custom Post WordPress 2
L [WordPress] Creazione pagina archivio custom WordPress 0
felino [Wordpress] Custom Post Type: plugin per creare uno slider nei widget WordPress 0
felino [Wordpress] Import post da un file sql custom WordPress 1
felino Query custom in un articolo WordPress 0
B Filtro per advanced custom fields WordPress 0
felino Archive.php per Custom Post Type WordPress 0
felino Custom Post Type: modificare lo slug WordPress 0
A Modulo custom Drupal e applicazione java CMS (Content Management System) 0
felino Google Maps - Custom Street View panoramas HTML e CSS 1
felino Samsung S2 GT-I9100...Rom Custom? Smartphone e tablet 0
felino Host su Aruba e PHP.ini custom? Hosting 2
M Problema custom errors ASP.NET 1
Axis18 Spring Security Java 0
M [PHP] WS-Security errore PHP 0
Marco_88 CCNA Security Cisco Reti LAN e Wireless 1
R Security Ninja Core Scanner Plugin Sicurezza WordPress 5
Web Designer Antivirus VIPRE Security 2012 Sicurezza e Virus 0
voldemort Disinstallare Kaspersky Internet Security: Errore 1922 Sicurezza e Virus 1
C security token Javascript 0
J Five Tricks for Improving JavaScript Security Javascript 0
M Norton internet security Sicurezza e Virus 3
peppoweb Microsoft Baseline Security Analyzer Sicurezza e Virus 0
peppoweb Un security pack per Windows Xp Sicurezza e Virus 0
peppoweb Convegno/ Security e tutela della Privacy Discussioni Varie 0
peppoweb IT Security a Pisa Discussioni Varie 0
peppoweb Internet Security Systems presenta Proventia, una Hardware 0
grottafelix I love you Norton Security Sicurezza e Virus 0
peppoweb IT Security Conference 2003: Milano 26 e il 27 marzo 2003 Discussioni Varie 0

Discussioni simili

Alto Basso