问题
I have implemented a WCF service that uses a TransportWithMessageCredential binding and a custom UserNamePasswordValidator.
I have a Silverlight 3 client connecting to this service. If I set valid credentials it works perfect, however, in the username validator I throw a SecurityTokenException if the username and password does not match.
Now I have implemented a dummy service call just to verify the credentials, is there a "nicer" way of checking the credentials. A service method that accept username and password and returns true/false doesn't feel safe.
回答1:
I think you're going about security in the wrong way. there are builtin methods for dealing with this. Look up "Membership Providers". Ex:
http://blogs.msdn.com/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx
来源:https://stackoverflow.com/questions/2077854/custom-usernamepasswordvalidator-with-silverlight-3-0