Mastering Web Services Security, part 7

First, should B use its own identity, and the accompanying attributes, when it calls C? Or should it use A's, so that C believes it has received a request from A? Certificates dedicated to Web Services interoperability offer the prospect of further interoperability solutions.

Securing .NET Web Services, p. 251

    [WebMethod]
    public double GetProductPrice(int id)
    {
        // Caller must be in the "member" role or the "customer" role.
        PrincipalPermission memberPerm = new PrincipalPermission(null, "member");
        PrincipalPermission customerPerm = new PrincipalPermission(null, "customer");
        memberPerm.Union(customerPerm).Demand();
        // ... (the rest of the method is not shown in the excerpt)
    }

The imperative role-based control adds not only more flexibility but also granularity of access checks that is even finer than method-level. However, developers pay for these benefits by making their application code security-aware, which is a high price unless you develop very limited applications with a small number of methods and security policies that never change. If you don't want the trouble of coding access checks into your Web Service methods, consider instead implementing authorization enforcement by a specialized HTTP module, as described earlier.

This concludes the discussion of the building blocks of access control in your Web Services. Depending on your application security requirements and design, you might find some built-in features sufficient for your needs, such as IP-based restriction mechanisms (preferably combined with IPSEC), Windows DACLs, and URL authorization. On the other hand, you might have to resort to .NET roles (using them either declaratively or programmatically), or HTTP authorization modules, or even a combination of several mechanisms. Each mechanism has its own advantages and disadvantages, which hopefully have been explained to you well enough to allow you to make the right decisions when designing secure Web Services.

No matter how well the access control solution has been designed and implemented, it is never perfect. This is why it is imperative to implement a secure audit mechanism that makes users of Web Services accountable for their actions and detects security breaches.

Audit

As with other security mechanisms available in Web Service implementations, the potential choices you have for implementing auditing are Windows OS itself, CLR, SOAP Security
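The imperative role check from GetProductPrice above can be exercised outside a Web Service to see which callers pass the union demand. This is an added example, not code from the book: it assumes a .NET Framework console application, and the user names, the product id and the returned price are constructed. The two-argument PrincipalPermission constructor also requires an authenticated identity, which the last call exercises.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class RoleDemandDemo
{
    // Same check as GetProductPrice in the excerpt: "member" OR "customer".
    static double GetProductPrice(int id)
    {
        var memberPerm = new PrincipalPermission(null, "member");
        var customerPerm = new PrincipalPermission(null, "customer");
        // Demand() evaluates Thread.CurrentPrincipal and throws
        // SecurityException when neither permission matches.
        memberPerm.Union(customerPerm).Demand();
        return 9.99; // constructed placeholder price
    }

    // Runs the call under a constructed principal and reports the decision.
    static bool TryCall(string user, params string[] roles)
    {
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(user), roles);
        try
        {
            GetProductPrice(42);
            Console.WriteLine("'{0}': allowed", user);
            return true;
        }
        catch (SecurityException)
        {
            // A denied demand is the point at which an audit record belongs.
            Console.WriteLine("'{0}': denied (roles: {1})",
                              user, string.Join(",", roles));
            return false;
        }
    }

    static void Main()
    {
        TryCall("alice", "member");   // holds one of the two accepted roles
        TryCall("bob", "customer");   // holds the other accepted role
        TryCall("carol", "guest");    // authenticated, wrong role
        TryCall("dave");              // authenticated, no roles at all
        TryCall("", "member");        // empty name: identity is not authenticated
    }
}
```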
