WCF中的密码摘要 [英] Password digest in WCF

问题描述

我目前正在使用自定义绑定实现，以允许WCF发送带有明文的用户名令牌(ClearUsernameBinding

I'm currently using a custom binding implementation to allow WCF to send Username tokens with clear text (ClearUsernameBinding http://webservices20.blogspot.com/2008/11/introducing-wcf-clearusernamebinding.html) in several services which use PasswordText for the Type. Everything works nicely. However there is a new service which requires PasswordDigest, and we can not use SSL or certificates at this point. The client is sending the hash (password), nonce and created elements in the usernametoken element in the soap headers, but the validation (from the class extending UserNamePasswordValidator) is not reached. The service is being hit anyways because I can set break points in the Application_BeginRequest and capture the hits in the logs.
The request from the client is correct, but the service response returns : An error occurred when verifying security for the message. As I said, when the password type is PasswordText, the UserNamePasswordValidator validation is hit, and it works fine. The clients are all Java clients, so I can not use the out of the box options in WCF. Can you point me out where to look at ?

推荐答案

您好，Camilor，

请澄清您的意思是密码摘要.我没有在MSDN文档中看到WCF身份验证的任何介绍:
http://msdn. microsoft.com/zh-cn/library/ms733082.aspx

在这种情况下，请让我知道您如何在服务配置中设置客户端凭据类型.

Hi Camilor,

Please clarify what you mean password digest. I didn't see any introduction in WCF authentication in MSDN document:
http://msdn.microsoft.com/en-us/library/ms733082.aspx

Please let me know how you set client credential type in service configuration in this situation.

这篇关于WCF中的密码摘要的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！