1. Zuhause
  2. Frage und Antwort
  3. Wie sicher ist WCF RIA und Entity Framework?

Wie sicher ist WCF RIA und Entity Framework?

2016-07-29 47 views
2

Ich schaute mir eine Silverlight-Anwendung an, die WCF RIA und Entity Framework im Backend verwendet. Der Code, der von Visual Studio generiertWie sicher ist WCF RIA und Entity Framework?

public IQueryable<someEntity> GetSomeEntity() 
{ 
    return this.ObjectContext.someEntity; 
}

Jetzt ist, davon ausgehen, dass ich die richtige Authentifizierung hinstellen, so dass nur authentifizierte Benutzer diesen Web-Service aufrufen können. Ich habe auch Benutzerzugriffskontrolle auf dem Sliverlight-Client, so dass sie nur auf Daten zugreifen können, die ihnen erlaubt sind. Was hält einen authentifizierten Benutzer davon ab, eine Web-Service-Anforderung zu fälschen (d. H. Die Zugriffssteuerung auf dem Silverlight-Client zu umgehen), abgesehen von der Implementierung der Zugriffssteuerung für den Web-Service selbst?

Quelle

2016-07-29 elty123

Antwort

1

Dies ist eine Komplettlösung zur Sicherung des RIA-Dienstes mit Silverlight. Ich hoffe es hilft dir.

Webprojekt

schreiben Individuelle Mitgliedschaft Anbieter

public class CustomMembershipProvider : MembershipProvider 
{ 
    public override bool ValidateUser(string username, string password) 
    { 
     using(Model.YourDomainModel context = new Model.YourDomainModel()) 
     { 
      var usr = context.Users.Where(u => u.Login == username && 
       u.Password == password).FirstOrDefault(); 

      return usr != null; 
     } 
    } 

    public override string ApplicationName 
    { 
     get 
     { 
      return "Your app name"; 
     } 
     set 
     { 
      throw new NotImplementedException(); 
     } 
    } 

    // Other overrides not implemented 
    #region Other overrides not implemented 
    public override bool ChangePassword(string username, string oldPassword, string newPassword) 
    { 
     throw new NotImplementedException(); 
    } 

    public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer) 
    { 
     throw new NotImplementedException(); 
    } 

    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) 
    { 
     throw new NotImplementedException(); 
    } 

    public override bool DeleteUser(string username, bool deleteAllRelatedData) 
    { 
     throw new NotImplementedException(); 
    } 

    public override bool EnablePasswordReset 
    { 
     get { throw new NotImplementedException(); } 
    } 

    public override bool EnablePasswordRetrieval 
    { 
     get { throw new NotImplementedException(); } 
    } 

    public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords) 
    { 
     throw new NotImplementedException(); 
    } 

    public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords) 
    { 
     throw new NotImplementedException(); 
    } 

    public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords) 
    { 
     throw new NotImplementedException(); 
    } 

    public override int GetNumberOfUsersOnline() 
    { 
     throw new NotImplementedException(); 
    } 

    public override string GetPassword(string username, string answer) 
    { 
     throw new NotImplementedException(); 
    } 

    public override MembershipUser GetUser(string username, bool userIsOnline) 
    { 
     throw new NotImplementedException(); 
    } 

    public override MembershipUser GetUser(object providerUserKey, bool userIsOnline) 
    { 
     throw new NotImplementedException(); 
    } 

    public override string GetUserNameByEmail(string email) 
    { 
     throw new NotImplementedException(); 
    } 

    public override int MaxInvalidPasswordAttempts 
    { 
     get { throw new NotImplementedException(); } 
    } 

    public override int MinRequiredNonAlphanumericCharacters 
    { 
     get { throw new NotImplementedException(); } 
    } 

    public override int MinRequiredPasswordLength 
    { 
     get { throw new NotImplementedException(); } 
    } 

    public override int PasswordAttemptWindow 
    { 
     get { throw new NotImplementedException(); } 
    } 

    public override MembershipPasswordFormat PasswordFormat 
    { 
     get { throw new NotImplementedException(); } 
    } 

    public override string PasswordStrengthRegularExpression 
    { 
     get { throw new NotImplementedException(); } 
    } 

    public override bool RequiresQuestionAndAnswer 
    { 
     get { throw new NotImplementedException(); } 
    } 

    public override bool RequiresUniqueEmail 
    { 
     get { throw new NotImplementedException(); } 
    } 

    public override string ResetPassword(string username, string answer) 
    { 
     throw new NotImplementedException(); 
    } 

    public override bool UnlockUser(string userName) 
    { 
     throw new NotImplementedException(); 
    } 

    public override void UpdateUser(MembershipUser user) 
    { 
     throw new NotImplementedException(); 
    } 
    #endregion

schreiben benutzerdefinierten Rollenanbieter

public class CustomRoleProvider : RoleProvider 
{ 
    public override string[] GetRolesForUser(string username) 
    { 
     using(Model.YourDomainModel context = new Model.YourDomainModel()) 
     { 
      string[] roles = (from r in Roles 
          where r.User_name == username 
          select r.Role).ToArray(); 
      return roles; 
     } 
    } 

    public override string ApplicationName 
    { 
     get 
     { 
      return "Your app name"; 
     } 
     set 
     { 
      throw new NotImplementedException(); 
     } 
    } 

    //Other overrides not implemented 
    #region Other overrides not implemented 
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) 
    { 
     throw new NotImplementedException(); 
    } 

    public override void CreateRole(string roleName) 
    { 
     throw new NotImplementedException(); 
    } 

    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) 
    { 
     throw new NotImplementedException(); 
    } 

    public override string[] FindUsersInRole(string roleName, string usernameToMatch) 
    { 
     throw new NotImplementedException(); 
    }  

    public override string[] GetAllRoles() 
    { 
     throw new NotImplementedException(); 
    } 

    public override string[] GetUsersInRole(string roleName) 
    { 
     throw new NotImplementedException(); 
    } 

    public override bool IsUserInRole(string username, string roleName) 
    { 
     throw new NotImplementedException(); 
    } 

    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) 
    { 
     throw new NotImplementedException(); 
    } 

    public override bool RoleExists(string roleName) 
    { 
     throw new NotImplementedException(); 
    } 
    #endregion 
}

Schreiben Sie AuthenticationDomainService Klasse

[EnableClientAccess] 
public class YourAuthenticationDomainService : AuthenticationBase<AuthUser> 
{ 
} 

public class AuthUser : UserBase 
{ 
}

EnableClientAcces auf Ihre Domainservice hinzufügen und überprüfen Rollen

[EnableClientAccess()] 
public class YourDomainService : DomainService 
{ 
    public YourDomainService() 
     : base() 
    { 
    } 


    [RequiresRole("Role1, Role2")] 
    public IQueryable<someEntity> GetSomeEntity() 
    { 
     return this.ObjectContext.someEntity; 
    } 
}

In Web.Config add:

<system.web> 
    <authentication mode="Forms" /> 

    <membership defaultProvider="MyCustomProvider"> 
     <providers> 
      <add name="MyCustomProvider" type="MyProject.Web.CustomMembershipProvider,MyProject.Web" /> 
     </providers> 
    </membership> 

    <roleManager enabled="true" defaultProvider="MyCustomProvider"> 
     <providers> 
      <add name="MyCustomProvider" type="MyProject.Web.CustomRoleProvider,MyProject.Web" /> 
     </providers> 
    </roleManager> 
</system.web>

SILVERLIGHT

In App.xaml.cs hinzufügen WebContext zu ApplicationLifetimeObjects

Schreiben Sie loging Form/Dialog wie

LoginDialog.xaml

<Grid x:Name="LayoutRoot" Margin="2"> 
    <Grid.RowDefinitions> 
     <RowDefinition Height="Auto" /> 
     <RowDefinition Height="Auto" /> 
     <RowDefinition Height="Auto" /> 
    </Grid.RowDefinitions> 
    <Grid.ColumnDefinitions> 
     <ColumnDefinition Width="Auto" /> 
     <ColumnDefinition /> 
    </Grid.ColumnDefinitions> 

    <TextBlock Grid.Column="0" Grid.Row="0" Text="Login:" /> 
    <TextBlock Grid.Column="0" Grid.Row="0" Text="Password:" /> 
    <TextBox x:Name="txtLogin" Grid.Column="1" Grid.Row="0" /> 
    <PasswordBox x:Name="txtPassword" Grid.Column="1" Grid.Row="1" /> 
    <Button x:Name="btnLogin" Click="btnLogin_Click" Grid.Column="1" Grid.Row="2" /> 
</Grid>

LoginDialog.xaml.cs

private void btnLogin_Click((object sender, RoutedEventArgs e)) 
{ 
    LoginOperation loginOp = WebContext.Current.Authentication.Login(
     new LoginParameters(txtLogin.Text, txtPassword.Password)); 
    loginOp.Completed += (s2, e2) => 
    { 
     if (loginOp.HasError) 
     { 
      //HANDLE ERROR 
      loginOp.MarkErrorAsHandled(); 
     } 
     else if (!loginOp.LoginSuccess) 
     { 
      MessageBox.Show("Wrong login or password."); 
     } 
     else 
     { 
      DialogResult = true; 
     } 
    }; 
}

Quelle

2017-03-13 13:54:35

 Verwandte Themen

  • Keine verwandten Themen^_^