Question
What are the best practices for handling security, i.e. authorization and authentication, in a web application?
I am working on a web application using WCF as SOA. There is a good chance that in the future individual components in my application can be integrated with some third-party application. I am looking for a solution by which I can handle authorization and authentication for my application using an internal approach of my application, and by which I can also use an interface provided by some third-party application for authorization and authentication.
Answer 1:
See What is some good WCF/web services security reading?
Answer 2:
We are currently looking at the Microsoft Geneva framework for exactly this (plus our other SSO requirements). Looks very nice.
http://msdn.microsoft.com/en-us/security/aa570351.aspx
Answer 3:
You should look into XACML for the authorization side of things. It's technology-agnostic and scales extremely well.
Source: https://stackoverflow.com/questions/443886/authorization-and-authentication-using-wcf