
Securing Workflow Services

Securing Workflow Services. Basics of Securing Workflow Services Introducing the Workflow Services Security Pack (WFSP). AppFabric Security. AppFabric doesn’t add any additional security requirements or restrictions on top of WCF Services

chester

Presentation Transcript


  1. Securing Workflow Services
     • Basics of Securing Workflow Services
     • Introducing the Workflow Services Security Pack (WFSP)

  2. AppFabric Security
     • AppFabric doesn’t add any additional security requirements or restrictions on top of WCF Services
     • Security is still controlled via IIS/WCF security capabilities
     • AppFabric provides certificate configuration through its UI and Cmdlets

  3. Quick WCF Security Review
     • Authentication controlled via bindings
     • Typical to leave Anonymous authentication on in IIS
     • Authorization can be accomplished with:
         • PrincipalPermissionAttribute
         • Impersonation
         • SecurityAuthorizationManager
     • SecurityAuthorizationManager is typically the recommended solution
         • Abstracts authorization away from the service implementation
         • Easier to change/replace

  4. Workflow Services Security Pack (WFSP)
     • Activities available for Windows and username/password security scenarios:
         • PrincipalPermissionScope
             • Authorize by username or role
         • ImpersonatingReceiveScope
             • Impersonate caller in contained activities
         • InitializeUsernameSecurityToken
             • Create a new token to attach to outgoing calls
         • TokenFlowScope
             • Attach username or Windows token to outgoing calls

  5. Securing Access
     • Use the Workflow Services Security Pack
     • Windows credentials
         • Configure binding
     • Username / password (via Membership & Role Providers) credentials
         • Configure binding and providers

  6. Securing for Windows Principals
     Diagram: PrincipalPermissionScope (Username, Role Name) wrapping Receive Activity, …Other Activities…, Send Reply Activity
     • Username / Role Name: Windows Username (domain\user) or Windows Group
     • Can deny anonymous by setting both User and Role to Null
     • Use to secure at operation scope
     • Wrap Receive and related sequence in PrincipalPermissionScope
     • When Receive’s Principal doesn’t match user or role, exception thrown
     • Delegation supported
     • web.config:
         <protocolMapping>
           <add scheme="http" binding="wsHttpContextBinding"/>
         </protocolMapping>

  7. Securing for Username / Password
     Diagram: PrincipalPermissionScope (Username, Role Name) wrapping Receive Activity, …Other Activities…, Send Reply Activity
     • Username / Role Name: Membership Username or Role name
     • Set up ASP.NET membership & role providers in service config
     • Can use any membership and role provider
     • Use AppFabric to configure certificate for Username / Password secured services
     • No access to supplied password
     • web.config
         • SqlMembershipProvider, SqlRoleProvider & Connection String
         • wsHttpContextBinding
             • message client credential type = “UserName”
         • ServiceAuthorization behavior (principalPermissionMode = “UseAspNetRoles”)
         • ServiceCredentials behavior
             • Service certificate
             • userNameAuthentication (userNamePasswordValidationMode = “MembershipProvider”)
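
The settings listed on slide 7, assembled into a single web.config as an added example (not taken from the presentation or from the WFSP samples). The connection string name and value, the provider names, and the certificate subject name are placeholders chosen for illustration.

```xml
<configuration>
  <connectionStrings>
    <!-- Placeholder: point this at the database holding the ASP.NET membership schema -->
    <add name="MembershipDb" connectionString="PLACEHOLDER" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <membership defaultProvider="SqlMembershipProvider">
      <providers>
        <clear/>
        <add name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="MembershipDb" applicationName="/"/>
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="SqlRoleProvider">
      <providers>
        <clear/>
        <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="MembershipDb" applicationName="/"/>
      </providers>
    </roleManager>
  </system.web>
  <system.serviceModel>
    <protocolMapping>
      <add scheme="http" binding="wsHttpContextBinding"/>
    </protocolMapping>
    <bindings>
      <wsHttpContextBinding>
        <binding>
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </wsHttpContextBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- Roles checked by PrincipalPermissionScope come from the ASP.NET role provider -->
          <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="SqlRoleProvider"/>
          <serviceCredentials>
            <!-- Placeholder subject name; the certificate protects the username/password in the message -->
            <serviceCertificate findValue="example-service-cert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlMembershipProvider"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```

The unnamed binding and behavior act as defaults for every service in the application, so a service added later inherits the same username/password requirement without further configuration.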

  8. Securing the Adder Service

  9. Lab 5
     • Securing Workflow Services
