有关WCF和基本身份验证的问题...... [英] Question on WCF and basic authentication...

问题描述

大家好，

所以这是交易，我正在尝试建立一个WCF服务，需要支持SOAP 1.2和基本身份验证（用户名+密码，必须根据自定义进行验证）数据库）。该服务将由第三方通过互联网使用。

我正在使用Visual Studio 2015和.NET 4.6.1。



据我所知，我需要一个wsHttpBinding（它支持SOAP 1.2）。

然后我需要设置一些方法来验证用户名+密码，这可以通过继承System来完成。 ServiceModel.UserNamePasswordValidator。



现在对于棘手的部分，配置......

Hi all,
So here's the deal, I'm trying to set up a WCF service which needs support for SOAP 1.2 and Basic Authentication (username + password, which must be validated against a custom database). The service will be consumed by a third party over the internet.
I'm using Visual Studio 2015 with .NET 4.6.1.

So as far as I understand I need a wsHttpBinding (which supports SOAP 1.2).
Then I need to set up some way to validate the username + password, which can be done by inheriting from System.ServiceModel.UserNamePasswordValidator.

And now for the tricky part, configuration...

<!-- ... Stuff ... -->
<serviceCredentials>
  <userNameAuthentication userNamePasswordValidationMode="Custom"

                          customUserNamePasswordValidatorType="MyProject.CustomUsernamePasswordValidator, MyProject"/>
</serviceCredentials>

<!-- ... More stuff ... -->
<protocolMapping>
  <add binding="wsHttpBinding" scheme="http" bindingConfiguration="wsHttpBinding" />
</protocolMapping>
<bindings>
  <wsHttpBinding>
    <!-- For HTTP support (testing only) -->
    <binding name="wsHttpBinding">
      <security mode="Transport">
        <transport clientCredentialType="Basic" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<!-- ... Even more stuff ... -->

问题是，只要我设置安全模式clientCredentialType Basic我需要SSL和（自签名）证书。我能找到禁用它的唯一方法是使用basicHttpBinding和clientCredentialType TransportCredentialOnly，但它只支持SOAP 1.1。



当然我可以创建一个自签名证书，但我真的不希望它用于测试目的（该项目的下一个程序员需要它，每个人都会需要它，这提高了维护的条件等）。



所以我的问题：我可以使用基本身份验证和普通HTTP（没有S）的SOAP 1.2吗？



谢谢！



我尝试了什么：



我搜索了整个互联网，我已经尝试了几乎任何可能的配置。

The problem is, as soon as I set up security mode Transport with clientCredentialType Basic I need SSL and a (self-)signed certificate. The only way I can find to disable this is by using basicHttpBinding and clientCredentialType TransportCredentialOnly, but that only supports SOAP 1.1.

Of course I could create a self-signed certificate, but I really don't want that for testing purposes (the next programmer on this project will need it, everyone will always needs it, which raises the bar for maintenance, etc.).

So my question: can I have SOAP 1.2 with Basic Authentication and plain HTTP (no S)?

Thanks!

What I have tried:

I've searched the entire internet, and I've tried just about any configuration possible.

推荐答案

好吧，所以我发现了我最大的问题。这是相当愚蠢的。

我错过了服务配置...

Alright, so I found my biggest problem. It's rather stupid.
I was missing the services configuration...

<services>
  <service name="MyProject">
    <endpoint address="" binding="wsHttpBinding" contract="MyProject.IMyService" bindingconfiguration="BasicAuthentication"></endpoint>
  </service>
</services>

我记得曾经在早期版本的WCF中生成过。

无论如何，有了这个我能够修复它。



没有HTTPS的基本身份验证是不可能的，但我能够通过忽略代码中的证书来实现它：

I remember that used to be generated in earlier versions of WCF.
Anyway, with that in place I was able to fix it.

Having Basic Authentication without HTTPS is impossible, but I was able to get it working by just ignoring the certificates in my code:

using (ServiceApiClient client = new ServiceApiClient())
{
    ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback((sender, cert, chain, error) => true);

    client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    // ...

这篇关于有关WCF和基本身份验证的问题......的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！