Windows Service上托管的WCF-基本身份验证 [英] WCF Hosted on Windows Service - Basic Authentication
问题描述
嘿
我想了解身份验证机制的工作原理.如果应用程序托管在IIS上并设置为Windows,则基本IIS将针对Windows帐户进行身份验证.
在基本情况下,它将使用请求所附带的用户名/密码,因为Windows集成将使用令牌,这是我的理解,如果我写错了,请指出.
在Windows服务上托管WCF服务时,身份验证在哪里进行?如果我使用基本身份验证,当我请求方法时会发生什么??
我想提出一个解决方案,但是我想在提出建议之前先了解一下.我是否必须使用自定义身份验证提供程序,或者我看到一个示例应用程序,我的团队让客户端调用了响应为Pong的ping方法.但 客户端使用它来确定用户是否为授权用户.
我认为他们可能会使用一些自定义提供程序,但是在代码中我看不到任何内容.但正在进行身份验证.因此我想了解当使用基本身份验证的Windows服务上托管的WCF方法请求产生时,到底发生了什么.
谢谢
Chamy07
如果要执行用户名和密码身份验证,则可以自定义验证器,如本MSDN文档中所示.
#如何:使用自定义用户名和密码验证器
http://msdn.microsoft.com/en-us/library/aa702565.aspx
您可以将Windows身份验证与Message Security一起使用,WCF将为您执行Windows身份验证,没有其他工作.
但是,如果您要对客户端使用基本身份验证,请在 传输安全性, 您需要 要做 验证 在 服务器端的http 级别 , 如果 使用 IIS, 它将 帮助您 做好 ,,如果您没有 IIS, it 是 必要的 以 自己 .
Hey
I want to understand how the authentication mechanism works. If an application is hosted on IIS and set to windows or basic IIS will authenticate against the windows accounts.
when basic it will use the user name/ password that comes with the request where as windows integrated will use the token this is my understanding if I am wrong please do point it out.
when a WCF service is hosted on windows service, where the authentication is happening? If I use basic authentication what happens when I request a method??
I wanted to propose a solution but I want to understand this before I suggest. Do I have to use custom authentication provider or I am seeing a sample application my team has the client makes a call to a ping method that has response as pong. but the client uses it to figure out the user is authorized user or not.
I thought they might use some custom provider but in the code I dont see any. but the authentication is happening. so I wanted to understand what is exactly happening when a request that comes to WCF method that is hosted on windows service with basic authentication.
Thanks
Chamy07
Hi,
If you want to do User Name and Password authentication, you can custom a validator, as shown in this MSDN document.
#How to: Use a Custom User Name and Password Validator
http://msdn.microsoft.com/en-us/library/aa702565.aspx
You can use Windows authentication with Message security, WCF will do the Windows authentiaction for you, there are not additional work.
But if you want to use Basic authentication for the client, Basic authentication used in Transport security, you need to do the verification in the http level at the server side, if using IIS, it will help you do a good job, if you do not have IIS, it is necessary to it yourself.
这篇关于Windows Service上托管的WCF-基本身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
