WCF Security Scenarios – Barebones

June 11, 2009

You can download the source code for these posts here.

In his book, “Programming WCF Services”, Juval Lowy does a superb job of explaining the principles of WCF Security and simplifies the subject by discussing 4 typical security scenarios.

I implemented those scenarios as demos for my latest class in WCF and I would like to share them with you in this and the next few posts.

Why should you read on?

These demos are concise yet complete. My approach has been to use configuration files only – no code. For each scenario I present two complete configuration files, one for the client and one for the server. I have removed every character that is not absolutely necessary for the demonstration. I have also aligned the configuration files so you can easily compare them line by line to locate the differences.

Hopefully you should be able to get started with one of these demos very quickly.

Overview

There are four typical scenarios: Intranet, Anonymous, Business-to-Business and Internet. I have dedicated a post to each one.

Each has a demo in the source code. The four demos are identical except for their configuration files (the Internet demo also differs slightly in code).

Each demo consists of a self-hosted console application which also contains the service implementation and a console client application that consumes it. The service consists of a calculator contract with one method.

This is the contract:

using System.ServiceModel;

namespace CalculatorService
{
    // Contract shared by the service host and the client proxy.
    [ServiceContract]
    public interface ICalculator
    {
        [OperationContract]
        double Add(double a, double b);
    }
}

This is the implementation:

using System.ServiceModel;

namespace CalculatorService
{
    // Service implementation; it contains no security code.
    [ServiceBehavior]
    public class Calculator : ICalculator
    {
        #region ICalculator Members

        public double Add(double a, double b)
        {
            return a + b;
        }

        #endregion
    }
}

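And this is the client code:

using System;

namespace Client
{
    class Program
    {
        void Run()
        {
            try
            {
                // Proxy for the calculator service. The parameterless constructor
                // takes its endpoint, binding and security settings from app.config.
                CalculatorClient calc = new CalculatorClient();
                double result = calc.Add(5, 6);

                Console.WriteLine("Result = {0}", result);
            }
            catch (Exception ex)
            {
                // Security failures surface here as exceptions thrown by the call.
                Console.WriteLine(ex.Message);
            }
        }

        static void Main(string[] args)
        {
            new Program().Run();
            Console.ReadLine();
        }
    }
}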

The only exception to this is in the Internet scenario where I demonstrate role-based security. I will show you the small differences in code for that scenario in the last post of this series.

Apart from that, we are done with code. Let’s go and read those app.configs...
