Transcript Windows 7 Presentation Template

Basics of Securing Workflow Services
Introducing the Workflow Services Security Pack
(WFSP)
•
•
•
2
•
–
•
–
–
–
•
–
–
3
•
–
–
–
–
–
–
–
–
•
–
–
–
–
Securing for
Windows
Principals
Use to secure at
PrincipalPermission
Scope
Windows
Username
(domain\user) or
Windows Group
Username
Role Name
operation scope
Wrap Receive and
related sequence in
When Receive’s
Principal doesn’t
match user or role,
exception thrown
Receive Activity
Principal
…Other Activities
…
PermissionScope
Can deny
anonymous by
setting both User
and Role to Null
Delegation
supported
Send Reply Activity
web.config
<protocolMapping>
<add scheme="http" binding="wsHttpContextBinding"/>
</protocolMapping>
Securing for
Username /
Password
PrincipalPermission
Scope
Membership
Username or Role
name
Username
Role Name
Set up ASP.NET
Receive Activity
membership & role
providers in service config
Can use any membership
…Other Activities
…
and role provider
No access to
supplied password
Use AppFabric to
configure certificate for
Send Reply Activity
Username / Password
secured services
web.config
• SqlMembershipProvider, SqlRoleProvider & Connection String
• wsHttpContextBinding
• message client credential type = “UserName”
•ServiceAuthorization behavior (principalPermissionMode = “UseAspNetRoles”)
•ServiceCredentials behavior
• Service certificate
• userNameAuthentication (usernamePasswordValidationMode =
“MembershipProvider”)
Securing Workflow Services