WCF的自定义身份验证 [英] Custom authentication for WCF

问题描述

如何为应用程序中可用的所有.SVC实施自定义身份验证.

我们要实现WCF服务(.svc)-employee.svc和department.svc.
我们需要确保对于此服务中的每个OperationContract调用，用户都应该是经过身份验证的用户.

我们需要在IIS 7中托管此服务

我们尝试在新的AuthenticationService.svc中使用"System.Web.ApplicationServices.AuthenticationService"，并在Global.asax中注册事件System.Web.ApplicationServices.AuthenticationService.Authenticating.但是此事件仅用于
AuthenticationService.svc，但不适用于employee.svc和department.svc

另外，我们不希望在将托管此服务的服务器(或Windows或移动应用程序之类的其他任何应用程序)上安装任何证书.

另外，当调用服务的操作合同之一时，不应再次询问用户名/密码.

有任何建议吗??

How to implement custom authentication for all .SVC available in application.

We want to implement WCF services (.svc) - employee.svc and department.svc.
We need to assure that for every operationcontract call in this services the user should be authenticated user.

We need to host this services in IIS 7

We have tried using "System.Web.ApplicationServices.AuthenticationService" in a new AuthenticationService.svc and registering event System.Web.ApplicationServices.AuthenticationService.Authenticating in Global.asax. But this event is called only for
AuthenticationService.svc but not for employee.svc and department.svc

Also, we donot want any CERTIFICATE needs to be installed on the server(or any other application like windows or mobile application) where this service will be hosted.

Also, when the one of operationcontract of service is called it should not ask again for username/password.

Any suggesstion????

推荐答案

Hi,

If I understand you correct you want to use Authorization and Authentication.
Authentication can be implemented as Windows Authentication with active directory.

For Authorization you can use Message inspector.
For more about message inspector you can refer this link.

[<a href="http://msdn.microsoft.com/en-us/library/aa717047.aspx" target="_blank" title="New Window">^</a>]

这篇关于WCF的自定义身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！