Friday, September 01, 2006

WS and security

This may be the start of my adventure with WSE:

Source: theserverside.net (there is also a version for J2EE).

Title: "Using Role Based Security with WSE 2.0 Article Released"

Author: Paul Ballard (January 18, 2005)

The MSDN Web Services Development Center has released a new article by Ingo Rammer on using role based security in WSE 2.0. The article starts by showing how to use X.509 certificates to digitally sign messages. He then builds on this to create a custom SecurityTokenManager to map certificates to users and roles.

Using HTTP to authenticate your Web services requests might seem like a great idea in the beginning, but as soon as WS-Routing enters the game, the situation changes substantially: There is no direct HTTP connection between the sender and the ultimate recipient of the message anymore, but a potentially larger number of different protocols which could be used along the routing path. This renders any means of transport-level security as a purely optional add-on that cannot guarantee the end-to-end integrity and security of your messages.

Starting with programmatically adding an X.509 certificate to a WSE message, the article shows how to digitally sign a message as coming from a specific client. The article then shows how to accomplish the same task using client policy and the WSE 2.0 configuration tool.
Once the message has been signed, a mapping needs to be created on the server to identify clients with specific roles. This is done by creating a mapping file and supporting classes and then implementing a custom SecurityTokenManager. The SecurityTokenManager validates the certificate and then uses the mapping to return a custom IPrincipal with the roles set based on the mapping. Then in the web service code, you can use declarative and imperative security demands to allow role based access.
The article ends by showing all of the various settings that need to be configured to add the custom SecurityTokenManager to the WSE pipeline.

Unfortunately, the link to MSDN does not work.

So I searched the MSDN Library for the string "role based security WSE" and found plenty of articles there.
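
The certificate-to-role mapping step from the quoted summary, as an added example (not code from the MSDN article or from WSE). It uses only .NET base-class types; the XML layout, the names `CertificateRoleMap` and `Demo`, the user `alice`, and the role names are assumptions, and the hook into a custom SecurityTokenManager is not shown.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;
using System.Xml;

// Added example: mapping layout, class names and role names are assumptions.
public static class CertificateRoleMap
{
    // certificate thumbprint -> principal carrying the mapped user name and roles
    static readonly Dictionary<string, IPrincipal> map = new Dictionary<string, IPrincipal>(StringComparer.OrdinalIgnoreCase);
    static string Normalize(string t) { return t.Replace(" ", "").Replace(":", ""); }

    public static void Load(string xml)
    {
        XmlDocument doc = new XmlDocument();
        doc.LoadXml(xml);
        map.Clear();
        foreach (XmlElement cert in doc.SelectNodes("/certificateMapping/certificate"))
        {
            List<string> roles = new List<string>();
            foreach (XmlElement role in cert.SelectNodes("role")) roles.Add(role.InnerText.Trim());
            GenericIdentity id = new GenericIdentity(cert.GetAttribute("user"), "X509");
            map[Normalize(cert.GetAttribute("thumbprint"))] = new GenericPrincipal(id, roles.ToArray());
        }
    }

    // Call only after the certificate itself has been validated. An unmapped
    // certificate gets no principal (fail closed), never a default role.
    public static IPrincipal GetPrincipal(string thumbprint)
    {
        IPrincipal p;
        return thumbprint != null && map.TryGetValue(Normalize(thumbprint), out p) ? p : null;
    }
}

public static class Demo
{
    // Constructed sample mapping; the thumbprint is a placeholder, not a real certificate.
    const string Mapping = @"<certificateMapping>
  <certificate thumbprint='00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 11 22 33' user='alice'>
    <role>Accountant</role></certificate></certificateMapping>";
    [PrincipalPermission(SecurityAction.Demand, Role = "Accountant")] // declarative demand
    static string GetBalance() { return "balance for " + Thread.CurrentPrincipal.Identity.Name; }
    public static void Main()
    {
        CertificateRoleMap.Load(Mapping);
        Thread.CurrentPrincipal = CertificateRoleMap.GetPrincipal("00112233445566778899aabbccddeeff00112233");
        Console.WriteLine(GetBalance());
        Console.WriteLine(Thread.CurrentPrincipal.IsInRole("Manager")); // imperative check
    }
}
```

The server should treat a `null` result from `GetPrincipal` as an authentication failure and reject the message instead of continuing with an anonymous principal.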
