{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 ▲ chillily 的问题《Securing a WCF RESTful service— can't call it》','https://www.manongdao.com/q-691609.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm going to write a RESTful WCF service with webHttp or basicHTTP bindings-- nothing fancy.
However, I would like to secure it so that unless someone has logged into / authenticated against my ASP.Net MVC website they can't use the service. I must be looking in the wrong places because every discussion or article I read about this deals with securing the service calls via certificates or SSL.
That's good to know, but I'm more interested in how to prevent someone from using the service, giving them an error message, unless they're logged in? I'm using forms authentication FWIW but would be interested in learning how to go about this using OAuth as well. Thanks for your tips and advice.
I would say that this is a duplicate question to this one: How do I set oAuth authentication for a WCF REST C# Site . However, the information there is quite limited as well. You can also look at this article: http://weblogs.asp.net/cibrax/archive/2008/11/14/oauth-channel-for-wcf-restful-services.aspx .