WCF Service authorization patterns

后端未结

关注

 3  501

名媛妹妹 2020-12-31 20:07

I\'m implementing a secure WCF service. Authentication is done using username / password or Windows credentials. The service is hosted in a Windows Service process. Now, I\'

3条回答

离开以前 (楼主)

2020-12-31 20:39
For question 1, absolutely do authorization first. No code (within your control) should execute before authorization to maintain the tightest security. Paul's example above is excellent.

For question 2, you could handle this by subclassing your concrete service implementation. Make the true business logic implementation an abstract class with an abstract "CheckPermissions" method as you mention above. Then create 2 subclasses, one for WCF use, and one (very isolated in a non deployed DLL) which returns true (or whatever you'd like it to do in your unit testing).

Example (note, these shouldn't be in the same file or even DLL though!):
```
public abstract class MyServiceImpl
{
    public void MyMethod(string entityId)
    {
        CheckPermissions(entityId);
        //move along...
    }
    protected abstract bool CheckPermissions(string entityId);
}

public class MyServiceUnitTest
{
    private bool CheckPermissions(string entityId)
    {
        return true;
    }
}

public class MyServiceMyAuth
{
    private bool CheckPermissions(string entityId)
    {
        //do some custom authentication
        return true;
    }
}
```
Then your WCF deployment uses the class "MyServiceMyAuth", and you do your unit testing against the other.
0 讨论(0)

查看其它3个回答
发布评论:

提交评论
- 加载中...