WCF Rest认证行为 [英] WCF REST Authentication behavior

问题描述

我希望能够验证一个WCF休息web服务，但我真的不知道如何去做。它看起来像许多其他问题涉及到的东西在.NET 3.5中WCF（如WebServiceHost2），它似乎不再存在了。

I want to be able to authenticate a WCF Rest webservice but I'm not really sure how to go about it. It looks like many of the other questions relate to stuff in .net 3.5 WCF (such as WebServiceHost2) which no longer seems to exist.

我想这样做基于消息验证的WCF服务与自定义的用户名和密码。从我可以告诉，这可以通过以下常规WCF来完成：

I am wanting to do message based authentication on the WCF service with custom usernames and passwords. From what I can tell this can be done by the following in regular WCF:

<behaviors>
  <serviceBehaviors>
    <behavior name="PasswordValidator">
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom"
                                customUserNamePasswordValidatorType="MyNamespace.PasswordValidator, MyNamespace"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

不过，我现在用的休息，我不能得到这个基础的web.config配置行为去。我莫名其妙地需要做到这一点在我serviceRoute。

however as I am using Rest I cant get this web.config based behaviour config going. I somehow need to do this in my serviceRoute.

RouteTable.Routes.Add(new ServiceRoute("", new WebServiceHostFactory(), typeof(HelloService)));

没有人知道如何做到这一点还是对基于信息安全的任何好的教程与休息和WCF 4.0？

does anyone know how to do this or have any good tutorials on Message Based security with Rest and WCF 4.0?

推荐答案

我解决了，这是为了实现自定义授权属性，它看着我加入到HTTP头集合了两个自定义字段的方式。

The way I solved this was to implement a custom authorize attribute which looks at two custom fields which I added into the HTTP headers collection.

这似乎工作pretty的好。

This seems to work pretty well.

public class UserAndPasswordAuthenticationAttribute : Attribute, IOperationBehavior, IParameterInspector
    {
        public void ApplyDispatchBehavior(
            OperationDescription operationDescription,
            DispatchOperation dispatchOperation)
        {
            dispatchOperation.ParameterInspectors.Add(this);
        }

        public void AfterCall(string operationName, object[] outputs,
                              object returnValue, object correlationState)
        {
        }

        public object BeforeCall(string operationName, object[] inputs)
        {
            string username = WebOperationContext.Current
                                   .IncomingRequest.Headers["username"];
            string password = WebOperationContext.Current
                                   .IncomingRequest.Headers["password"];


            if (username != "bob" || password!= "123")
            {
                WebOperationContext.Current.OutgoingResponse.StatusCode =
                    HttpStatusCode.Unauthorized;
                throw new UnauthorizedAccessException("");
            }

            return null;
        }

        public void AddBindingParameters(OperationDescription operationDescription, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
        {
        }

        public void ApplyClientBehavior(OperationDescription operationDescription, ClientOperation clientOperation)
        {
        }

        public void Validate(OperationDescription operationDescription)
        {
        }
    }

然后我就可以只添加该属性的方法我的合同，以确保他们在

I can then just add this attribute to methods in my contract to secure them

这篇关于WCF Rest认证行为的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！