WCF WebHttp混合身份验证(基本和匿名) [英] WCF WebHttp Mixed Authentication (Basic AND Anonymous)
问题描述
这一切都属于WebHttp结合,托管在一个自定义的服务主机(IIS是不是在这个时候一个选项)。
All of this is pertaining to WebHttp binding, hosted in a custom Service Host (IIS is not an option at this time).
我已经实现了自定义UserNamePasswordValidator,和一个自定义IAuthorizationPolicy。当我配置端点的结合使用基本身份验证,一切正常,就像我想(自定义主体,自定义角色,等等)。
I've implemented a custom UserNamePasswordValidator, and a custom IAuthorizationPolicy. When I configure the endpoint's binding to use Basic authentication, everything works just as I'd like (custom principal, custom roles, etc..).
我想补充的能力匿名HTTP访问的欢迎,并有我的自定义实现将匿名用户在某些默认的角色,等等。(如果没有身份验证标头发送)。
I'd like to add the ability for anonymous HTTP access as well, and have my custom implementations put the Anonymous user in some default roles, etc.. (if no Authenticate header is sent).
会发生什么,现在是匿名用户都获得了401之前,我的任何自定义的code被击中。如果我关闭了HTTP基本身份验证的要求,则验证头会被完全忽略。
What happens now is that anonymous users are given a 401 before any of my custom code is hit. If I turn off the HTTP Basic authentication requirement, then the Authenticate header is ignored altogether.
如何配置,或注入的身份验证标头,要做到这两种方式(而无需创建2个独立的终点)?
How do I configure, or inject an Authenticate header, to do this both ways (without creating 2 separate endpoints)?
推荐答案
首先,该服务正确响应匿名电话,根据的规范。
First of all, the service responds correctly to the anonymous call, according to the specification.
第二,这是不可能的。如果你是自托管你的服务,你有一些HTTP绑定,WCF将使用的 System.Net.HttpListener 实例能够响应HTTP请求(在 System.ServiceModel.Channels创建。 SharedHttpTransportManager.OnOpen )。该监听器有一个名为 HandleAuthentication 之前任何自定义的code被称为被称为方式方法。它负责发回401响应与挑战(WWW身份验证)。有什么可以做这个没什么。如果有,我想知道。
Second, this is impossible. When you are self-hosting your service and you have some http binding, WCF will use a System.Net.HttpListener instance to be able to respond to http requests (created in System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen). This listener has a method called HandleAuthentication that is called way before any of your custom code is called. It is responsible for sending back the 401 response with the challenge (WWW-Authenticate). There is nothing you can do about this. If there is, I'd like to know.
所以,你留下了以下选项:
So you're left with the following options:
- 在两个端点
- 配置客户端知道默认凭据
- 在改变你的客户,使他们能够接受挑战 响应
这篇关于WCF WebHttp混合身份验证(基本和匿名)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
