Basics of Securing Workflow Services Introducing the Workflow Services Security Pack (WFSP)

Download Basics of Securing Workflow Services Introducing the Workflow Services Security Pack (WFSP)

Post on 21-Dec-2015

213 views

Category:

Documents

1 download

TRANSCRIPT

Slide 1 Basics of Securing Workflow Services Introducing the Workflow Services Security Pack (WFSP) Slide 2 2 Slide 3 3 Slide 4 Slide 5 Slide 6 Securing for Windows Principals Use to secure at operation scope Wrap Receive and related sequence in Principal PermissionScope PrincipalPermission Scope Receive Activity Other Activities Send Reply Activity Username Role Name Delegation supported When Receives Principal doesnt match user or role, exception thrown Can deny anonymous by setting both User and Role to Null Windows Username (domain\user) or Windows Group web.config web.config Slide 7 Securing for Username / Password Set up ASP.NET membership & role providers in service config Can use any membership and role provider Use AppFabric to configure certificate for Username / Password secured services PrincipalPermission Scope Receive Activity Other Activities Send Reply Activity Username Role Name Membership Username or Role name web.config SqlMembershipProvider, SqlRoleProvider & Connection String wsHttpContextBinding message client credential type = UserName ServiceAuthorization behavior (principalPermissionMode = UseAspNetRoles) ServiceCredentials behavior Service certificate userNameAuthentication (usernamePasswordValidationMode = MembershipProvider) web.config SqlMembershipProvider, SqlRoleProvider & Connection String wsHttpContextBinding message client credential type = UserName ServiceAuthorization behavior (principalPermissionMode = UseAspNetRoles) ServiceCredentials behavior Service certificate userNameAuthentication (usernamePasswordValidationMode = MembershipProvider) No access to supplied password Slide 8 Slide 9 Securing Workflow Services