问题
I am concerned on how to implement security measures may it be Authentication or Authorization.. How can these be implemented.. if you have any thoughts or links that you can share with regards to WCF REST 4.0 Security and if you've implemented it also the better. because ive been trying to find out on this topic all i find is information on how to implement it using 3.5 and lower versions which seem to be different from the samples i see for 4.0 which i tried but did not make sense while implementing it.
Thank you
回答1:
Because REST is stateless you cannot use a cookie or session id. It is common to use HTTP Basic Authentication and HTTPS for all requests.
回答2:
You might want to explore this solution for WCF REST, it is a interceptor for implementing basic authentication with a custom user database.
http://weblogs.asp.net/cibrax/archive/2009/03/20/custom-basic-authentication-for-restful-services.aspx
That interceptor authenticates the user with a password, and initializes the current principal, so you can use that one from the service itself for doing authorization or implement an IAuthorizationManager if you want to have that logic as something reusable across several services.
You will also find some other authentication methods in my blog, like certificate authentication or OAuth, which are less common.
Thanks Pablo.
回答3:
For authorization, you can look into XACML.
来源:https://stackoverflow.com/questions/3715863/implementing-security-in-rest