Ciao,
volevo chiedervi qualche dritta sulla messa in sicurezza di un'applicazione WCF (sicurezza di tipo custom, con user e password).
Di seguito trovate alcune info riguardo al progetto:
STRUTTURA LATO SERVER
Struttura_Server.jpg
\gestavisservice\web.config
codice:
<?xml version ="1.0" encoding="UTF-8"?>
<configuration>
<appSettings/>
<!--
Both entries below carry the same Entity Framework (EntityClient) connection string for
GestAvisDb and use Integrated Security, so SQL Server sees the account the web application
runs under; that account's database permissions bound what the service can read or change.
NOTE(review): "ApplicationServices" is the name the SQL membership, profile and role providers
further down read. Those providers normally expect a plain SqlClient connection string, not an
EntityClient one with metadata= entries. Verify that login actually works with this value.
-->
<connectionStrings>
<add name ="GestAvisEntities"
connectionString="metadata=res://*/GestAvis.csdl|res://*/GestAvis.ssdl|res://*/GestAvis.m
sl;provider=System.Data.SqlClient;provider connection string="Data
Source=.\SQLEXPRESS;Initial Catalog=GestAvisDb;Integrated
Security=True;MultipleActiveResultSets=True""
providerName= "System.Data.EntityClient" />
<add name ="ApplicationServices"
connectionString="metadata=res://*/GestAvis.csdl|res://*/GestAvis.ssdl|res://*/GestAvis.m
sl;provider=System.Data.SqlClient;provider connection string="Data
Source=.\SQLEXPRESS;Initial Catalog=GestAvisDb;Integrated
Security=True;MultipleActiveResultSets=True""
providerName= "System.Data.EntityClient" />
</connectionStrings >
<system.web >
<!-- debug="true" is a development setting; switch it to false on any deployed copy. -->
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" >
<assemblies>
<add assembly ="System.Data.Entity, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089"/>
</assemblies>
</compilation>
<!--
Forms authentication only establishes who the caller is; it does not block anyone by itself.
The portion of this file shown here has no <authorization> element, and the only rule that
denies anonymous users is in Account\Web.config, which covers the Account folder alone.
As shown, no rule applies to GestAvis.svc at the site root.
NOTE(review): a WCF service hosted in ASP.NET is subject to URL authorization only when
ASP.NET compatibility mode is enabled for it (serviceHostingEnvironment
aspNetCompatibilityEnabled in system.serviceModel); no system.serviceModel section is visible
here. Confirm how the service is hosted before relying on a <deny users="?"/> rule.
The forms timeout is in minutes: 2880 keeps a login ticket valid for 48 hours. requireSSL is
not set on <forms>; set it when the site is served over HTTPS so the ticket cookie is never
sent in clear text.
-->
<authentication mode="Forms">
<forms loginUrl ="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<!--
Password policy as configured: at least 6 characters, no non-alphanumeric character required,
lockout after 5 invalid attempts inside a 10-minute window, retrieval disabled, reset enabled.
passwordFormat is not set, so the provider default applies (expected to be Hashed; confirm).
-->
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName= "ApplicationServices" enablePasswordRetrieval="false"
enablePasswordReset=" true" requiresQuestionAndAnswer="false" requiresUniqueEmail=" false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength ="6"
minRequiredNonalphanumericCharacters="0 " passwordAttemptWindow="10" applicationName="/"
/>
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider"
connectionStringName= "ApplicationServices" applicationName="/"/>
</providers>
</profile >
<!-- Role management is switched off (enabled="false"), so the role providers listed below are not in use and role-based rules cannot be applied until it is enabled. -->
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"
connectionStringName= "ApplicationServices" applicationName="/"/>
<add name="AspNetWindowsTokenRoleProvider"
type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
</providers>
</roleManager>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Generic"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Linq"/>
<add namespace="System.Xml.Linq "/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<httpRuntime requestPathInvalidCharacters="<, >,%,&,\,?"/>
</system.web>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
</configuration>
\GestAvisService\Account\Web.config
codice:
<?xml version ="1.0"?>
<configuration>
<!--
Authorization rules for the folder that holds this file (Account) and anything beneath it.
They do not reach files elsewhere in the site, such as GestAvis.svc served from the site root.
-->
<!-- Register.aspx is readable by everyone, anonymous users included (users="*"). -->
<location path="Register.aspx">
<system.web>
<authorization>
<allow users= "*"/>
</authorization >
</system.web>
</location>
<!-- Every other resource in this folder rejects anonymous users (users="?"). -->
<system.web >
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
gestavis.svc.vb
codice:
Imports System.Data.Services
Imports System.Linq
Imports System.ServiceModel.Web
Imports GestAvisService.GestAvisModel
Imports System.ServiceModel
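''' <summary>
''' WCF Data Service that exposes the GestAvisEntities model over HTTP.
''' </summary>
''' <remarks>
''' NOTE(review): nothing in this class authenticates or authorizes the caller. The access
''' rules set in InitializeService are service-wide, not per user, so every client that can
''' reach the endpoint gets the rights granted below. Caller checks have to be added
''' separately, for example in an OnStartProcessingRequest override or in query/change
''' interceptors, together with hosting settings that make the caller's identity available.
''' </remarks>
' Exception details in faults are switched off: with True, server-side exception text is
' returned to whoever calls the service. Enable it only while debugging locally.
<ServiceBehavior(IncludeExceptionDetailInFaults:=False)>
Public Class GestAvis
    Inherits DataService(Of GestAvisEntities)

    ''' <summary>
    ''' Called only once to initialize service-wide policies: entity set access rules,
    ''' error verbosity and the maximum protocol version.
    ''' </summary>
    ''' <param name="config">Configuration object supplied by the data service runtime.</param>
    Public Shared Sub InitializeService(ByVal config As DataServiceConfiguration)
        ' Entity sets that clients may both read and modify.
        ' NOTE(review): EntitySetRights.All grants every right on these sets, deletes included.
        ' TB_DONATORI and TB_DONAZIONI presumably hold donor and donation records; grant each
        ' set only the rights the client really needs once authentication is in place.
        Dim writableSets As String() = {
            "TB_DONATORI",
            "TB_DONAZIONI",
            "TB_PUNTO_PRELIEVO",
            "TB_ATTIVITA",
            "TB_LINK_BENEM_DONAT",
            "TB_CHANGE_STATUS",
            "TB_INTERVALLO_DONAZIONE_TMP",
            "TB_INTERVALLO_DONAZIONE_STD",
            "TB_AGENDA"
        }

        For Each setName As String In writableSets
            config.SetEntitySetAccessRule(setName, EntitySetRights.All)
        Next

        ' Verbose errors put internal error detail into responses; keep them off outside of
        ' local debugging sessions.
        config.UseVerboseErrors = False

        ' Make the remaining entity sets read-only.
        config.SetEntitySetAccessRule("*", EntitySetRights.AllRead)

        config.DataServiceBehavior.MaxProtocolVersion = System.Data.Services.Common.DataServiceProtocolVersion.V2
    End Sub
End Class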
http://localhost:7134/GestAvis.svc/
Risultato_Server.jpg
Il mio obiettivo: all'apertura dell'URL http://localhost:7134/GestAvis.svc/ (e degli URL successivi) il servizio deve
propormi il login, come riportato sotto.
Login_asp.jpg
Il passo successivo sarà modificare il client affinché acceda con user e password, ma
questo lo vedrò successivamente.
Magari sto sbagliando l'approccio per poter applicare della security all'applicazione, e quindi vi chiedo di indicarmi la strada corretta
Grazie
Michele