Pass client info thru web site to WCF Rest service_问答_开发者

Pass client info thru web site to WCF Rest service

开发者 https://www.devze.com 2023-03-15 14:24 出处：网络

I need to know the best approach to pass the client\'s information (identity, locale, etc) thru my ASP.NET website to my back-end WCF RESTful web services.I\'d like the solution to be portable (reusab

I need to know the best approach to pass the client's information (identity, locale, etc) thru my ASP.NET website to my back-end WCF RESTful web services. I'd like the solution to be portable (reusable) to other applications as this model is very typical in my organization.

Here's the scenario:

The ASP.NET website runs on a web server that sits in our perimeter zone.
The WCF service application runs on an app server b开发者_StackOverflow中文版ehind the firewall on our internal network.
The client (user) can be on our internal network or on the web when he/she browses to the website.
The website calls the web service to request various information or to perform certain tasks.
The web service needs the client's information in order to perform these operations.

Note: the website is using Forms Authentication and is NOT impersonating the user. So, passing the identity info or current culture info using WCF extensibility (behavior, inspectors, etc) only gives us the identity and culture of the web server and not the actual client.

Any suggestions?

This looks like a case for federated security.

Basically, when the user logs in you generate a session ticket. This can be a number or a string. This ticket contains encoded information about the user's identity and/or his roles, and an expiration timestamp.

You pass this session ticket to your REST calls, and the receiving server decodes the ticket to get the information he needs. If a ticket is invalid (not decryptable, outdated, or without the required rights), the server method rejects the operation and returns a 401 Unauthorized HTTP status.

To implement this, you can rely on Microsoft's implementation (wsFederationHttpBinding) or roll your own, which ususally requires less effort.

One more note: to generate and authenticate the tickets, you may create another service which sits behind your 2nd firewall, or you may use an in-memory DLL... But make sure that generating a ticket is not easy to do in case the webserver gets compromised.