WCF自定义用户名验证程序无法正常工作 [英] WCF Custom username validator is not working

问题描述

Hi Team，

我正在开发一个带安全性的示例WCF服务，因为我是WCF的新手，我只想通过用户名和密码建立连接（注意：不需要SSL证书）。



我使用以下代码，



在服务中代码是



界面包含代码，

 命名空间 WcfService 
 {
 [ServiceContract] 
  public   interface  IWcfService 
 { 
 [OperationContract] 
  string  GetData（）; 
} 
} 

继承类有

 命名空间 WcfService 
 {
  public  类 WcfService：IWcfService 
 {
  public   string  GetData（）
 {
  return   样品服务; 
} 
} 
 
  public   class  CustomValidator： UserNamePasswordValidator 
 {
  public  覆盖  void 验证（字符串 userName，字符串密码）
 {
  if （userName ==   manikandan && password ==   manikandan）
 {
 
} 
 其他 
 {
 
} 
} 
} 
 
} 

服务中的web.config是

 <  < span class =code-leadattribute> system.serviceModel  >  
 <  服务 >  
 <   service     behaviorConfiguration   =  WcfService.WcfServiceBehavior    name   =  WcfService.WcfService >  
 <   endpoint    地址  =      binding   =  basicHttpBinding    bindingConfiguration   =   MyBinding   合同  =  WcfService.IWcfService >  
 <   identity  >  
 <   dns     value   =  localhost  /  >  
 <   / identity  >  
 <   / endpoint  >  
 <  端点   地址  =  mex    binding   =  mexHttpBinding   合同  =  IMetadataExchange  /  > ;  
 <   / service  >  
 <   / services  >  
 <  行为 >  
 <   serviceBehaviors  >  
 <  行为   名称  =  WcfService.WcfServiceBehavior >  
 <   SE rviceMetadata     httpGetEnabled   =  true  /  >  
 <   serviceDebug     includeExceptionDetailInFaults   =  false  /  >  
 <   / behavior  >  
 <   / serviceBehaviors  >  
 <   / behavior  >  
 <   bindings  >  
 <   basicHttpBinding  >  
 <   binding     name   =  MyBinding >  
 <   security     mode   = 无 >  
 <  消息    clientCredentialType   = 用户名  /  >  
 <   / security  >  
 <   / binding  >  
 <   / basicHttpBinding   >  
 <   / bindings  >  
 <   / system.serviceModel  >  

我正在使用Web应用程序中的服务，如下所示：

我只是添加服务引用并使用以下代码调用服务，

 ServiceReference1.WcfServiceClient client = new WcfServiceClient（）; 
 client.ClientCredentials.UserName.UserName =manikandan; 
 client.ClientCredentials.UserName.Password =manikandan; 
 string state = client.State.ToString（）; 
 string val = client.GetData（）; 
 txtEmpId.Text = val; 

其中ServiceReference1是我服务的名称



你能看到代码并告诉我我犯了什么错误，我把调试器放在每个方法上，CustomValidator没有触发，所以它没有经过验证。如何使用没有证书的用户名和密码来保护它。

提前谢谢。

解决方案

整个想法都是错误的。硬编码密码根本没有意义，完全不安全。更一般地说，将密码存储在任何地方是不安全这不是基于密码的安全性的工作原理。如果您认为需要与密码进行比较以进行身份​​验证，请再想一想。绝对不是。



惊讶吗？不同意？那么请看我过去的答案：

我已经加密了我的密码，但是当我登录时给了我一个错误。如何解密 [ ^ ] ，

解密加密密码 [ ^ ]，

存储密码值int sql server with secure方式 [ ^ ]。



祝你好运，

-SA

Hi Team,
I am developing a sample WCF service with security, as i am new to WCF i just to establish a connection through username and password(Note: no need of SSL certificate).

I am using the following code,

In service the code is

The interface contains the code,

namespace WcfService
{
   [ServiceContract]
    public interface IWcfService
    {
        [OperationContract]
        string GetData();
    }
}

the inherited class has

namespace WcfService
{
    public class WcfService : IWcfService
    {
        public string GetData()
        {
            return "Sample Service";
        }
    }

    public class CustomValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            if (userName == "manikandan" && password == "manikandan")
            {

            }
            else
            {

            }
        }
    }

}

The web.config in the service is

<system.serviceModel>
        <services>
            <service behaviorConfiguration="WcfService.WcfServiceBehavior" name="WcfService.WcfService">
                <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" contract="WcfService.IWcfService">
                    <identity>
                        <dns value="localhost"/>
                    </identity>
                </endpoint>
                <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
            </service>
        </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="WcfService.WcfServiceBehavior">
                    <serviceMetadata httpGetEnabled="true"/>
                    <serviceDebug includeExceptionDetailInFaults="false"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>
    <bindings>
      <basicHttpBinding>
        <binding name="MyBinding">
          <security mode="None">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    </system.serviceModel>

And i am consuming the service in the web application as follows,
I am just adding the service reference and invoke the service using the following code,

ServiceReference1.WcfServiceClient client = new WcfServiceClient();
        client.ClientCredentials.UserName.UserName = "manikandan";
        client.ClientCredentials.UserName.Password = "manikandan";
        string state= client.State.ToString();
        string val= client.GetData();
        txtEmpId.Text = val;

where ServiceReference1 is the name for my service

Could you guys see the code and tell me what mistake i made, i placed debugger on every method, the CustomValidator is not firing, so it is not authenticated. How can i secure it, with just username and password without certificate.
Thanks in advance.

解决方案

The whole idea is wrong. Hard-coding a password simply makes no sense and is totally unsafe. More generally, storing passwords anywhere is unsafe. This is not how password-based security works. If you think that comparing with a password is needed for authentication, think again. Absolutely not.

Surprised? Disagree? Then please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^].

Good luck,

—SA

这篇关于WCF自定义用户名验证程序无法正常工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！