处理外部WCF服务调用内部WCF服务（auth

编程入门行业动态更新时间:2024-10-24 01:57:16

处理外部WCF服务调用内部WCF服务（auth - session）(Handle external WCF Service calling internal WCF Service (auth - session))

我需要构建这个架构，我需要一些关于“我应该如何构建”的方向。我已经阅读了很多文档和示例，但我无法找到并想出如何努力提高效率和安全性：

用户在登录后可以访问其个人信息并管理帐户（更新个人数据，显示与其帐户相关的个人文档等）的外部应用程序（Android应用程序，ios应用程序）。用户名/密码输入必须只进行一次。

公共wcf服务将接收他们的行为，并将呼叫另一个内部wcf服务。它将像一座“桥梁”一样工作。

内部wcf服务将获取请求并执行所需的操作（逻辑和数据库操作）。这会将数据返回到外部wcf服务，并将此数据返回给客户端（显而易见）。

UserName / PWD存储在数据库中。

只能使用正确的凭据访问WCF服务并且是IIS托管的。

所以我发现很多问题/问题：

我不知道我应该如何建立AUTH（内部，外部，两者？）。如何管理wcf服务和应用客户端之间的会话以避免每次都发送凭据？

客户端应用程序每次都需要发送凭据吗？这意味着每个服务都需要SELECT数据库来检查用户名？

肥皂？休息服务？它不关心？（在内部wcf，外部wcf，两者？）。

我需要使用asp.NET会话，或者我真的不需要？我没有看到需要经常和重复调用的用户名/密码的服务如何在没有旧的asp.net会话的情况下有效。

感谢您的帮助和指导。

问候！

i need to build this architecture and i need some orientation on "how should i build". I've read many docs and examples but i can't find and figure how to do trying to be efficient and secure:

External app (android app, ios app) where users, after a login, can access to their personal info and manage the account (updating personal data, showing personal documents related to their account and much more). The username / pwd input must be done only 1 time.

A public wcf service will receive their actions and will call to a another internal wcf service. It will work like a 'bridge'.

The internal wcf service will get the request and do the operations needed (logical and db operations). This will return data to the external wcf service and this one to the client (obvious).

UserName/PWD are stored in a database.

WCF services can only be accessed with the correct credentials and are IIS hosted.

So i find many problems/questions:

I don't know HOW and WHERE should I build the AUTH (internal, external, both?). How can i manage a session between wcf services and app clients to avoid sending credentials every time?

The client app needs to send credentials every time? This means every service requires to SELECT the database for checking the username?

SOAP? Rest Services? It doesn't care? (on internal wcf, external wcf, both?).

I need work with asp.NET sessions or i really don't need? I don't see how services that needs username/pwd that are called frequently and repeatedly are efficient without old asp.net sessions.

Thanks for your help and orientation.

Regards!