存储在UserNamePasswordValidator定制信息 [英] Storing custom info in UserNamePasswordValidator
问题描述
我对.NET 4中使用自定义UserNamePasswordValidator WCF服务,使用SSL和信息安全。
I have a WCF service on .NET 4 with a custom UserNamePasswordValidator, secured with SSL and message security.
在UserNamePasswordValidator获取的用户名和密码,并将其传递到一个存储过程返回该用户名和密码的有效帐户令牌。
The UserNamePasswordValidator receives the user name and password and passes it to a stored procedure that returns the valid account token for that user name and password.
我的问题是,我不知道如何访问该帐户令牌在实际的Web服务。我怀疑,我必须能够标记添加到一个头的地方,但的OperationContext尚不存在于UserNamePasswordValidator和HttpContext的设置它失败的消息确认安全时发生错误。
My problem is that I don't understand how to access that account token in the actual web service. I suspect that I must be able to add the token to a header somewhere, but OperationContext does not exist yet in the UserNamePasswordValidator and setting it on HttpContext fails with "An error occurred when verifying security for the message."
这是我的google搜索,似乎我必须实现IAuthorizationPolicy或IIdentity的,但那些都将有机会获得密码。
From my googling, it appears that I must implement either IAuthorizationPolicy or IIdentity, but neither of those will have access to the password.
我会认为,许多服务将采取用户名和密码,并用它来找到相关的帐户。我是它过于复杂,还是我只是缺少明显的东西?
I would think that many services would take a user name and password and use that to find the relevant account. Am I overcomplicating it, or am I just missing something obvious?
推荐答案
我结束了检查OperationContext.Current.ServiceSecurityContext.PrimaryIdentity,看看用户进行身份验证,然后就根据检索的身份,我需要从数据库中的信息名称。这似乎工作得很好。
I ended up checking OperationContext.Current.ServiceSecurityContext.PrimaryIdentity to see if the user is authenticated and then just retrieving the information I needed from the database based on the identity name. That seems to work just fine.
这篇关于存储在UserNamePasswordValidator定制信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
