WCF如何通过令牌进行身份验证? [英] WCF how to pass token for authentication?
问题描述
我有一个 WCF 服务,它希望支持 basicHttpBinding 和 webHttpBinding.当客户端成功登录时,服务器将生成一个令牌,供客户端在以后的所有请求中传递给服务器.问题是客户端如何将令牌传递给服务器?我不想在每个 Web 方法上添加额外的参数来保存令牌.
I have a WCF service which would like to support basicHttpBinding and webHttpBinding. When the client successfully login, server will generate a token for client to pass to server on all the request make later. Question is how the client can pass the token to server? I don't want to add an extra parameter on every web method to hold the token.
推荐答案
通常,执行此类操作的最佳方法是在 WCF 标头中传递此类元信息".您可以轻松创建一个消息检查器来扩展 WCF(它真的没有那么可怕和难做!),它将令牌注入到来自客户端的每个传出请求中,并从标头中检索它并在服务器端对其进行验证.
Typically, the best way to do something like this is passing such "meta-information" in a WCF header. You can easily create a message inspector to extend WCF (it's really not that scary and hard to do!) which would inject the token into every outgoing request from the client, and retrieve it from the header and validate it on the server side.
有许多非常好的博客文章向您展示了如何创建消息检查器:
There are a number of pretty good blog post out there showing you how to create a message inspector:
- Richard Hallgren 的WCF 帖子
- 编写 WCF 消息检查员
- 使用自定义行为在 WCF 中自动流动
查看要实现的两个相关接口:
Check out the two relevant interfaces to implement:
- IClientMessageInspector 在客户端,其中有一个
BeforeSendRequest
和AfterReceiveReply
消息要实现 - IDispatchMessageInspector 在服务器端,其中有一个
AfterReceiveRequest
和BeforeSendReply
方法来实现
- IClientMessageInspector on the client side, which has a
BeforeSendRequest
andAfterReceiveReply
message to implement - IDispatchMessageInspector on the server side, which has a
AfterReceiveRequest
andBeforeSendReply
method to implement
这篇关于WCF如何通过令牌进行身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!