在自定义UserNamePasswordValidator中返回适当的故障信息 [英] Returning appropriate fault information in a custom UserNamePasswordValidator
问题描述
我正在查看用于创建自定义UserNamePasswordValidator(WCFSamples \ TechnologySamples \ Extensibility \ Security \ UserNamePasswordValidator \ CS \ service)的WCF示例.
I'm looking at the WCF samples for creating a custom UserNamePasswordValidator (WCFSamples\TechnologySamples\Extensibility\Security\UserNamePasswordValidator\CS\service).
该示例的CustomUserNamePasswordValidator实现演示了如果用户名/密码组合无效,则抛出SecurityTokenException.
The sample's CustomUserNamePasswordValidator implementation demonstrates that if a username/password combination is not valid, to throw a SecurityTokenException.
但是,由于该异常发生在管道的身份验证阶段,因此在对消息进行身份验证之前,客户端抛出的异常不是SecurityTokenException,而是始终是MessageSecurityException,该异常表示:接收到来自另一方的错误保护的错误.有关错误代码和详细信息,请参见内部FaultException.}内部异常也不包含SecurityTokenException,而是一个FaultException,它指示{"在处理安全令牌时发生错误.消息."}
However, since the exception occurs during the authentication stage of the pipeline, prior to the message being authenticated, the exception thrown by the client is not a SecurityTokenException, but is always a MessageSecurityException that indicates that: {"An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail."} The inner exception does not contain the SecurityTokenException either, but is a FaultException indicates that {"An error occurred when processing the security tokens in the message."}
这是有道理的,因为我们使用的是基于消息的安全性-服务无法进行身份验证并发出令牌,因此客户端无法对从服务返回的故障消息进行身份验证. (或类似的东西;)
This makes sense since we're using message-based security -- the service can't authenticate and issue a token, so the client can't authenticate the fault message coming back from the service. (or something like that ;)
所以我的问题是,捕获一个MessageSecurityException,例如,向客户端用户指示所提供的凭据无效,然后重新输入其凭据,或者是否存在另一种抛出SecurityTokenException的方式,是否合适?
So my question is, it appropriate to catch a MessageSecurityException, say, to indicate to the client user that the provided credentials are invalid, and to re-enter their credentials, or is there another way of flowing the SecurityTokenException as thrown in the custom UserNamePasswordValidator, or another fault message (maybe trace diags?) back to the client?
推荐答案
我遇到了同样的问题.我继承了 UserNamePasswordValidator ,并为WCF提供了 Validate 方法的替代验证.如果身份验证失败,我将抛出一个 UnauthorizedAccessException ,但在该服务器上收到 MessageSecurityException 客户.因此,我在客户端上的异常处理无法确定用户是否输入了无效的用户名/密码,或者是否存在其他问题.
I've got the same issue. I'm inheriting from UserNamePasswordValidator and providing an override of the Validate method for WCF authentication. If the authentication fails, I throw an UnauthorizedAccessException, but receive a MessageSecurityException on the client. Therefore my exception handling on the client cannot determine if the user entered an invalid username/password, or if there was some other problem.
有人知道解决方案吗?
这篇关于在自定义UserNamePasswordValidator中返回适当的故障信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
