Basics of Securing Workflow Services

Introducing the Workflow Services Security Pack (WFSP)

Securing for Windows Principals

• Use to secure at operation scope
• Wrap Receive and related sequence in PrincipalPermissionScope

PrincipalPermissionScope
• Receive Activity
• … Other Activities …
• Send Reply Activity

Username
Role Name
Delegation supported

• When Receive’s Principal doesn’t match user or role, exception thrown
• Can deny anonymous by setting both User and Role to Null
• Windows Username (domain\user) or Windows Group

web.config

<protocolMapping>
  <add scheme="http" binding="wsHttpContextBinding"/>
</protocolMapping>

Securing for Username / Password

• Set up ASP.NET membership & role providers in service config
• Can use any membership and role provider
• Use AppFabric to configure certificate for Username / Password secured services

PrincipalPermissionScope
• Receive Activity
• … Other Activities …
• Send Reply Activity

Username
Role Name

Membership Username or Role name

web.config
• SqlMembershipProvider, SqlRoleProvider & Connection String
• wsHttpContextBinding
  • message client credential type = "UserName"
• ServiceAuthorization behavior (principalPermissionMode = "UseAspNetRoles")
• ServiceCredentials behavior
  • Service certificate
  • userNameAuthentication (userNamePasswordValidationMode = "MembershipProvider")

No access to supplied password
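
The web.config settings listed on this slide, assembled into one file as an added example (not taken from the deck or from the WFSP samples). The provider names, connection string and certificate subject are constructed placeholders.

```xml
<configuration>
  <connectionStrings>
    <!-- Constructed placeholder: point this at the ASP.NET membership database -->
    <add name="MembershipDb"
         connectionString="Data Source=.;Initial Catalog=aspnetdb;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <!-- Membership and role providers that validate the caller and supply role names -->
    <membership defaultProvider="SqlMembership">
      <providers>
        <add name="SqlMembership" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb" applicationName="/" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <add name="SqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="MembershipDb" applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
  <system.serviceModel>
    <protocolMapping>
      <add scheme="http" binding="wsHttpContextBinding" />
    </protocolMapping>
    <bindings>
      <wsHttpContextBinding>
        <!-- Unnamed binding: applies to every wsHttpContextBinding endpoint -->
        <binding>
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpContextBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <!-- Unnamed behavior: applies to every service in this application -->
        <behavior>
          <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="SqlRoles" />
          <serviceCredentials>
            <!-- Placeholder subject: the service certificate protects the username/password message -->
            <serviceCertificate findValue="CN=PLACEHOLDER-SERVICE-CERT" storeLocation="LocalMachine"
                                storeName="My" x509FindType="FindBySubjectDistinguishedName" />
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
                                    membershipProviderName="SqlMembership" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```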

Securing Workflow Services

