{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Viruses. 的问题《How to secure data over WCF (dynamic security)》','https://www.manongdao.com/q-984540.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
How can I secure data across WCF?
This isn't the standard WCF authentication question. What I need to do is lock the data down and make sure that none of it can be sent to a client who isn't allowed to see it.
I have WCF authentication to check the validity of the client but I need to put a wrapper around the service layer to restrict data.
In this poor example I describe the issue; http://www.website.com/customers.aspx?CustomerId=1
Now a 'hacker' or the lowest quality changes the querystring to customerid=2. The authenticated user shouldn't be allowed to see this customer data.
What standard practice for locking down data? Is there anything built into WCF which I could use?
WCF only supports authentication and with role based security also operation based authorization. You need data driven authorization. It is up to you to build it in your operations or business layer.