WCF Custom Security with User and Password

Discussion in '.NET Framework' started by HolidaySoft.it, 9 September 2015.

  1. HolidaySoft.it

    Hi,
    I wanted to ask if you could give me some tips on "securing" a WCF application.
    Below you will find some information about the project:
    SERVER-SIDE STRUCTURE

    Struttura_Server.png

    \gestavisservice\web.config
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <appSettings/>
      <connectionStrings>
        <add name="GestAvisEntities"
             connectionString="metadata=res://*/GestAvis.csdl|res://*/GestAvis.ssdl|res://*/GestAvis.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=.\SQLEXPRESS;Initial Catalog=GestAvisDb;Integrated Security=True;MultipleActiveResultSets=True&quot;"
             providerName="System.Data.EntityClient" />
        <add name="ApplicationServices"
             connectionString="metadata=res://*/GestAvis.csdl|res://*/GestAvis.ssdl|res://*/GestAvis.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=.\SQLEXPRESS;Initial Catalog=GestAvisDb;Integrated Security=True;MultipleActiveResultSets=True&quot;"
             providerName="System.Data.EntityClient" />
      </connectionStrings>
      <system.web>
        <compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
          <assemblies>
            <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
          </assemblies>
        </compilation>
        <authentication mode="Forms">
          <forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
        </authentication>
        <membership>
          <providers>
            <clear/>
            <add name="AspNetSqlMembershipProvider"
                 type="System.Web.Security.SqlMembershipProvider"
                 connectionStringName="ApplicationServices" enablePasswordRetrieval="false"
                 enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
                 maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6"
                 minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"
            />
          </providers>
        </membership>
        <profile>
          <providers>
            <clear/>
            <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider"
                 connectionStringName="ApplicationServices" applicationName="/"/>
          </providers>
        </profile>
        <roleManager enabled="false">
          <providers>
            <clear/>
            <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"
                 connectionStringName="ApplicationServices" applicationName="/"/>
            <add name="AspNetWindowsTokenRoleProvider"
                 type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
          </providers>
        </roleManager>
        <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
          <namespaces>
            <clear/>
            <add namespace="System"/>
            <add namespace="System.Collections"/>
            <add namespace="System.Collections.Generic"/>
            <add namespace="System.Collections.Specialized"/>
            <add namespace="System.Configuration"/>
            <add namespace="System.Text"/>
            <add namespace="System.Text.RegularExpressions"/>
            <add namespace="System.Linq"/>
            <add namespace="System.Xml.Linq"/>
            <add namespace="System.Web"/>
            <add namespace="System.Web.Caching"/>
            <add namespace="System.Web.SessionState"/>
            <add namespace="System.Web.Security"/>
            <add namespace="System.Web.Profile"/>
            <add namespace="System.Web.UI"/>
            <add namespace="System.Web.UI.WebControls"/>
            <add namespace="System.Web.UI.WebControls.WebParts"/>
            <add namespace="System.Web.UI.HtmlControls"/>
          </namespaces>
        </pages>
        <httpRuntime requestPathInvalidCharacters="&lt;, &gt;,%,&amp;,\,?"/>
      </system.web>
      <!--
      The system.webServer section is required for running ASP.NET AJAX under Internet
      Information Services 7.0. It is not necessary for previous version of IIS.
      -->
    </configuration>
    
    
    \GestAvisService\Account\Web.config

    Code:
    <?xml version="1.0"?>
    <configuration>
      <location path="Register.aspx">
        <system.web>
          <authorization>
            <allow users="*"/>
          </authorization>
        </system.web>
      </location>
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </configuration>
    
    gestavis.svc.vb
    Code:
    Imports System.Data.Services
    Imports System.Linq
    Imports System.ServiceModel.Web
    Imports GestAvisService.GestAvisModel
    Imports System.ServiceModel
    
    <ServiceBehavior(IncludeExceptionDetailInFaults:=True)>
    Public Class GestAvis
        Inherits DataService(Of GestAvisEntities)
    
        ' This method is called only once to initialize service-wide policies.
        Public Shared Sub InitializeService(ByVal config As DataServiceConfiguration)
            'Public Shared Sub InitializeService(ByVal config As IDataServiceConfiguration)
            ' Make certain entity sets writable.
            config.SetEntitySetAccessRule("TB_DONATORI", EntitySetRights.All)
            config.SetEntitySetAccessRule("TB_DONAZIONI", EntitySetRights.All)
            config.SetEntitySetAccessRule("TB_PUNTO_PRELIEVO", EntitySetRights.All)
            config.SetEntitySetAccessRule("TB_ATTIVITA", EntitySetRights.All)
            config.SetEntitySetAccessRule("TB_LINK_BENEM_DONAT", EntitySetRights.All)
            config.SetEntitySetAccessRule("TB_CHANGE_STATUS", EntitySetRights.All)
            config.SetEntitySetAccessRule("TB_INTERVALLO_DONAZIONE_TMP", EntitySetRights.All)
            config.SetEntitySetAccessRule("TB_INTERVALLO_DONAZIONE_STD", EntitySetRights.All)
            config.SetEntitySetAccessRule("TB_AGENDA", EntitySetRights.All)
    
            config.UseVerboseErrors = True
            ' Make the remaining entity sets read-only.
            config.SetEntitySetAccessRule("*", EntitySetRights.AllRead)
            config.DataServiceBehavior.MaxProtocolVersion = System.Data.Services.Common.DataServiceProtocolVersion.V2
        End Sub
    
    End Class
    
    

    http://localhost:7134/GestAvis.svc/
    Risultato_Server.png

    My goal: when opening the URL http://localhost:7134/GestAvis.svc/ and the subsequent URLs, it should
    prompt me with the login shown below.
    Login_asp.png

    The next step will be to modify the client so that it logs in with user and password... but
    I will look at that later.

    Maybe I am taking the wrong approach to applying security to the application, so I ask you to point me in the right direction.

    Thanks
    Michele
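
Added example (not part of the original post or the project's code): a small Python check that evaluates the ASP.NET `<authorization>` rules of the two web.config files posted above for an anonymous request. The config strings are constructed abridgements of those files, `Other.aspx` is a hypothetical page name, and the script assumes first-match rule order, ignores roles and verbs, and assumes the request actually passes through URL authorization.

```python
import xml.etree.ElementTree as ET

# Constructed, abridged copies of the two posted files (authorization-relevant parts only).
ROOT_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
    </authentication>
  </system.web>
</configuration>"""

ACCOUNT_CONFIG = """<configuration>
  <location path="Register.aspx">
    <system.web><authorization><allow users="*"/></authorization></system.web>
  </location>
  <system.web><authorization><deny users="?"/></authorization></system.web>
</configuration>"""

def rules(xml_text, file_name):
    """Return the ordered (action, users) rules this config applies to file_name."""
    root = ET.fromstring(xml_text)
    found = []
    for loc in root.findall("location"):  # a matching <location> block is checked first
        if loc.get("path", "").lower() == file_name.lower():
            found += loc.findall("system.web/authorization/*")
    found += root.findall("system.web/authorization/*")
    return [(r.tag, r.get("users", "")) for r in found if r.tag in ("allow", "deny")]

def anonymous_allowed(config_chain, file_name):
    """config_chain: web.config texts from the request's folder up to the site root.
    The first matching rule wins; with no match, the machine-level default allows everyone."""
    for xml_text in config_chain:
        for action, users in rules(xml_text, file_name):
            names = [u.strip() for u in users.split(",")]
            if "?" in names or "*" in names:  # "?" = anonymous, "*" = all users
                return action == "allow"
    return True

def audit():
    account_chain = [ACCOUNT_CONFIG, ROOT_CONFIG]
    return {
        "/GestAvis.svc": anonymous_allowed([ROOT_CONFIG], "GestAvis.svc"),
        "/Account/Register.aspx": anonymous_allowed(account_chain, "Register.aspx"),
        "/Account/Other.aspx": anonymous_allowed(account_chain, "Other.aspx"),  # hypothetical page
    }

if __name__ == "__main__":
    for path, allowed in audit().items():
        print(path, "-> anonymous access allowed" if allowed else "-> login required")
```

For the posted files the only `<deny users="?"/>` rule lives in the Account folder; the root web.config has no `<authorization>` element, so nothing in the posted configuration asks for a login at /GestAvis.svc.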
     
  2. Vins

  3. HolidaySoft.it

    Hi,
    I read it... unfortunately I did not find anything that fits my case, and I was hoping to find an expert who could give me a hand...
    I will try waiting a bit longer.

    Michele
     