WCF Custom Security con User e Password

HolidaySoft.it

Ciao,
volevo chiedervi se mi davate delle dritte per quanto riguarda la messa in "sicurezza" di una applicazione WCF
Di seguito trovate alcune info riguardo al progetto:
STRUTTURA LATO SERVER

Struttura_Server.png

\gestavisservice\web.config
Codice:
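<?xml version="1.0" encoding="UTF-8"?>
<!--
  Root web.config of the GestAvisService site: database connections, Forms
  authentication, the SQL membership/profile/role providers and page defaults.
  Attribute values that the listing had wrapped across lines are rejoined here;
  no setting has been changed.

  NOTE(review): this file has no <authorization> element, so nothing here denies
  anonymous users at the application root. The only deny rule shown for this site
  is in \GestAvisService\Account\Web.config and covers that folder alone.
  NOTE(review): no <system.serviceModel> section is shown. To my knowledge ASP.NET
  URL authorization is applied to WCF requests only when the service runs in
  ASP.NET compatibility mode; verify this before relying on a deny rule to protect
  the .svc endpoint.
-->
<configuration>
  <appSettings/>
  <!--
    Both entries carry the same Entity Framework (EntityClient) connection string
    and use Windows integrated security, so no database password is stored here.
    NOTE(review): "ApplicationServices" is the name read by the membership, profile
    and role providers below. Those are SQL Server providers and presumably need a
    plain SqlClient connection string (Data Source=...;Initial Catalog=...) rather
    than an EntityClient one that starts with metadata=; confirm before relying on
    the login.
  -->
  <connectionStrings>
    <add name="GestAvisEntities"
         connectionString="metadata=res://*/GestAvis.csdl|res://*/GestAvis.ssdl|res://*/GestAvis.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=.\SQLEXPRESS;Initial Catalog=GestAvisDb;Integrated Security=True;MultipleActiveResultSets=True&quot;"
         providerName="System.Data.EntityClient" />
    <add name="ApplicationServices"
         connectionString="metadata=res://*/GestAvis.csdl|res://*/GestAvis.ssdl|res://*/GestAvis.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=.\SQLEXPRESS;Initial Catalog=GestAvisDb;Integrated Security=True;MultipleActiveResultSets=True&quot;"
         providerName="System.Data.EntityClient" />
  </connectionStrings>
  <system.web>
    <!-- NOTE(review): debug="true" is a development setting; switch it to "false" for any deployed copy. -->
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
      </assemblies>
    </compilation>
    <!--
      Forms authentication with the login page under ~/Account. The timeout is in
      minutes, so 2880 keeps a ticket valid for 48 hours.
      NOTE(review): requireSSL is not set, so the posted credentials and the ticket
      cookie are protected in transit only if the site itself is served over HTTPS;
      the URL quoted in the post is plain http on localhost.
    -->
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
    </authentication>
    <!--
      Password policy as configured: at least 6 characters, no non-alphanumeric
      character required, 5 invalid attempts allowed within a 10-minute window,
      retrieval disabled, reset enabled.
      NOTE(review): passwordFormat is not set, so the provider default applies;
      confirm that it stores hashed passwords.
    -->
    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="ApplicationServices" enablePasswordRetrieval="false"
             enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6"
             minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"
        />
      </providers>
    </membership>
    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider"
             connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>
    <!--
      Role providers are declared but role management is switched off
      (enabled="false"). NOTE(review): with roles off, access rules can presumably
      tell anonymous from authenticated users only, not one group of users from
      another.
    -->
    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="ApplicationServices" applicationName="/"/>
        <add name="AspNetWindowsTokenRoleProvider"
             type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
      </providers>
    </roleManager>
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
      <namespaces>
        <clear/>
        <add namespace="System"/>
        <add namespace="System.Collections"/>
        <add namespace="System.Collections.Generic"/>
        <add namespace="System.Collections.Specialized"/>
        <add namespace="System.Configuration"/>
        <add namespace="System.Text"/>
        <add namespace="System.Text.RegularExpressions"/>
        <add namespace="System.Linq"/>
        <add namespace="System.Xml.Linq"/>
        <add namespace="System.Web"/>
        <add namespace="System.Web.Caching"/>
        <add namespace="System.Web.SessionState"/>
        <add namespace="System.Web.Security"/>
        <add namespace="System.Web.Profile"/>
        <add namespace="System.Web.UI"/>
        <add namespace="System.Web.UI.WebControls"/>
        <add namespace="System.Web.UI.WebControls.WebParts"/>
        <add namespace="System.Web.UI.HtmlControls"/>
      </namespaces>
    </pages>
    <!--
      NOTE(review): this replaces the framework's default list of characters that
      are rejected in the request path. Compare it with the default and keep
      rejecting every character the service does not actually need in its URLs.
    -->
    <httpRuntime requestPathInvalidCharacters="&lt;, &gt;,%,&amp;,\,?"/>
  </system.web>
  <!--
  The system.webServer section is required for running ASP.NET AJAX under Internet
  Information Services 7.0. It is not necessary for previous version of IIS.
  -->
</configuration>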
\GestAvisService\Account\Web.config

Codice:
<?xml version ="1.0"?>
<!--
  Authorization rules for the Account folder (this file is listed as
  \GestAvisService\Account\Web.config). A web.config placed in a sub-folder applies
  to that folder and what lies beneath it, not to the rest of the site.
  NOTE(review): the URL quoted in the post requests GestAvis.svc at the site root,
  so the deny rule below does not cover the service.
-->
<configuration>
<!-- Register.aspx is open to every user ("*"), anonymous ones included; presumably so that new accounts can be created. -->
<location path="Register.aspx">
<system.web>
<authorization>
<allow users= "*"/>
</authorization >
</system.web>
</location>
<!-- Every other resource in this folder refuses anonymous users ("?"), which makes Forms authentication ask for a login. -->
<system.web >
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
gestavis.svc.vb
Codice:
Imports System.Data.Services
Imports System.Linq
Imports System.ServiceModel.Web
Imports GestAvisService.GestAvisModel
Imports System.ServiceModel

''' <summary>
''' WCF Data Service that publishes the GestAvisEntities model.
''' </summary>
''' <remarks>
''' NOTE(review): IncludeExceptionDetailInFaults:=True places server-side exception
''' detail in the faults returned to callers. It is a debugging aid and should be
''' switched off before anyone other than the developer can reach the service.
''' NOTE(review): nothing in this class looks at the caller's identity; there are no
''' QueryInterceptor or ChangeInterceptor methods, so the access rules set in
''' InitializeService apply to every caller that gets as far as the service.
''' </remarks>
<ServiceBehavior(IncludeExceptionDetailInFaults:=True)>
Public Class GestAvis
    Inherits DataService(Of GestAvisEntities)

    ''' <summary>
    ''' Sets the service-wide access policy; called only once.
    ''' </summary>
    ''' <param name="config">Configuration object on which the access rules are set.</param>
    Public Shared Sub InitializeService(ByVal config As DataServiceConfiguration)
        ' Entity sets that receive full rights (read and write).
        ' NOTE(review): EntitySetRights.All also allows inserts, updates and deletes;
        ' grant it only to the sets that clients really have to modify.
        Dim fullAccessSets As String() = {
            "TB_DONATORI",
            "TB_DONAZIONI",
            "TB_PUNTO_PRELIEVO",
            "TB_ATTIVITA",
            "TB_LINK_BENEM_DONAT",
            "TB_CHANGE_STATUS",
            "TB_INTERVALLO_DONAZIONE_TMP",
            "TB_INTERVALLO_DONAZIONE_STD",
            "TB_AGENDA"
        }

        For Each entitySetName As String In fullAccessSets
            config.SetEntitySetAccessRule(entitySetName, EntitySetRights.All)
        Next

        ' NOTE(review): verbose errors return detailed error text to the client;
        ' keep this on only while debugging.
        config.UseVerboseErrors = True

        ' Any entity set not named above stays read-only.
        config.SetEntitySetAccessRule("*", EntitySetRights.AllRead)
        config.DataServiceBehavior.MaxProtocolVersion = System.Data.Services.Common.DataServiceProtocolVersion.V2
    End Sub

End Class

http://localhost:7134/GestAvis.svc/
Risultato_Server.png

Il mio obiettivo: all'apertura dell'URL http://localhost:7134/GestAvis.svc/ e degli URL successivi
deve essermi proposto il login, come riportato sotto.
Login_asp.png

Il passo successivo sarà modificare il client affinché acceda con user e password, ma
questo lo vedrò successivamente.

Magari sto sbagliando l'approccio per poter applicare della security all'applicazione, e quindi vi chiedo di indicarmi la strada corretta

Grazie
Michele