从 WCF 操作中获取 ClientCredentials [英] Obtaining ClientCredentials from WCF operation

问题描述

我的 WCF 服务使用自定义凭据验证器来实现自定义基于消息的安全性，因为我想确保每个调用我的 Web 服务上的操作的客户端在我的数据库中都有相应的用户名和密码.

My WCF Service uses a custom credentials validator for custom Message-based security, because I want to ensure each client calling an operation on my web service has a corresponding username and password in my database.

Imports System.IdentityModel.Selectors
Imports System.IdentityModel.Tokens

Public Class CredentialsValidator
    Inherits UserNamePasswordValidator

    Public Overrides Sub Validate(ByVal userName As String, ByVal password As String)
        Dim authenticationApi As New AuthenticationGateway()
        If Not authenticationApi.IsValid(userName, password) Then
            Throw New SecurityTokenException("Validation Failed.")
        End If
    End Sub
End Class

事情是，一旦用户通过身份验证，我想在我的 OperationContract 实现中使用 userName 来进行基于上下文的调用.

Thing is, once the user passes authentication I want to use the userName in my OperationContract implementations to make context based calls.

<ServiceContract(Name:="IMyService")> _
Public Interface IMyService
    <OperationContract()> _
    Function GetAccountNumber() As String
End Interface

Public Class IntegrationService
    Implements IIntegrationService

    Public Function GetAccountNumber() As String Implements IMyService.GetAccountNumber
        Dim userName As String '' Here I want the userName set from credentials
        Dim accountApi As New AccountGateway()
        Return accountApi.GetAccountNumber(userName)
    End Function
End Class

我不能依靠被调用者的诚实来指定他们的实际用户名，所以不能在不输入密码的情况下传递它.我想避免对 Web 服务的每次调用都必须接受 ClientCredentials.

I cant rely on the honesty of the callees to specify their actual userName so can't pass it without also passing in a password. I wanted to avoid having every single call to my web service having to accept the ClientCredentials.

谢谢.

推荐答案

Public Class IntegrationService
    Implements IIntegrationService

    Private ReadOnly Property UserName As String
        Get
            Return ServiceSecurityContext.Current.PrimaryIdentity.Name
        End Get
    End Property

    Public Function GetAccountNumber() As String Implements IMyService.GetAccountNumber
        Dim accountApi As New AccountGateway()
        Return accountApi.GetAccountNumber(UserName)
    End Function
End Class

这篇关于从 WCF 操作中获取 ClientCredentials的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！