First, should B use its own identity, and the accompanying attributes, when it calls C? Or should it use A's, so that C believes it has received a request from A? Certificates are dedicated to Web Service interoperability, offering further prospects for interoperability solutions.

Securing .NET Web Services 251

    // Requires the System.Web.Services and System.Security.Permissions namespaces.
    [WebMethod]
    public double GetProductPrice(int id)
    {
        // Allow the call only if the caller is in the "member" or the "customer" role.
        PrincipalPermission memberPerm = new PrincipalPermission(null, "member");
        PrincipalPermission customerPerm = new PrincipalPermission(null, "customer");
        memberPerm.Union(customerPerm).Demand();
        // ...
    }

The imperative role-based control adds not only more flexibility but also granularity of access checks that is even finer than method-level. However, developers pay for these benefits by making their application code security-aware, which is a high price unless you develop very limited applications with a small number of methods and security policies that never change. If you don't want the trouble of coding access checks into your Web Service methods, consider instead implementing authorization enforcement by a specialized HTTP module, as described earlier.

This concludes the discussion of the building blocks of access control in your ASP.NET Web Services. Depending on your application security requirements and design, you might find some built-in features sufficient for your needs, such as IP-based restriction mechanisms (preferably combined with IPSEC), Windows DACLs, and ASP.NET URL authorization. On the other hand, you might have to resort to .NET roles (using them either declaratively or programmatically), or HTTP authorization modules, or even a combination of several mechanisms. Each mechanism has its own advantages and disadvantages, which hopefully have been explained to you well enough to allow you to make the right decisions when designing secure ASP.NET Web Services.

No matter how well the access control solution has been designed and implemented, it is never perfect.
This is why it is imperative to implement a secure audit mechanism that makes users of Web Services accountable for their actions and detects security breaches.

Audit

As with other security mechanisms available in ASP.NET Web Service implementations, the potential choices you have for implementing auditing are: Windows OS, ASP.NET itself, CLR
SOAP Security
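The finer-than-method-level granularity of the imperative check shown in GetProductPrice above, as an added example that is not code from the book: the same union demand admits "member" or "customer", and a second demand inside the method depends on an argument. It assumes the .NET Framework; the `wholesale` parameter, the price arithmetic and the console harness that sets `Thread.CurrentPrincipal` in place of the ASP.NET pipeline are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class PriceService
{
    // Same union demand as GetProductPrice on the page, plus a data-dependent
    // check: the hypothetical "wholesale" flag requires the "member" role.
    public static double GetProductPrice(int id, bool wholesale)
    {
        var memberPerm = new PrincipalPermission(null, "member");
        var customerPerm = new PrincipalPermission(null, "customer");
        memberPerm.Union(customerPerm).Demand();   // member OR customer

        if (wholesale)
            memberPerm.Demand();                   // finer than method level

        double listPrice = 10.0 * id;              // constructed price data
        return wholesale ? listPrice * 0.8 : listPrice;
    }
}

static class Program
{
    // Runs one call as the given user and reports the price or "denied".
    static string Try(string user, string[] roles, bool wholesale)
    {
        // PrincipalPermission.Demand() evaluates Thread.CurrentPrincipal.
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(user), roles);
        try
        {
            return PriceService.GetProductPrice(3, wholesale).ToString("F2");
        }
        catch (SecurityException)
        {
            return "denied";   // a failed demand surfaces as SecurityException
        }
    }

    static void Main()
    {
        // Constructed callers: member, customer (list and wholesale), guest.
        Console.WriteLine(Try("alice", new[] { "member" }, true));
        Console.WriteLine(Try("bob", new[] { "customer" }, false));
        Console.WriteLine(Try("bob", new[] { "customer" }, true));
        Console.WriteLine(Try("eve", new[] { "guest" }, false));
    }
}
```

The `catch (SecurityException)` branch is also the natural place to write an audit record for the denied call.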