WCF Custom Authentication with more than 2 parameters

Problem description

Hello,

I try to make a unique WCF service connection, which will be the entry point for different applications' authentication. All client applications will pass through the same service to authenticate clients. And all applications will provide to this service an ApplicationAuthentication derived class, which contains their own authentication method. Each ApplicationAuthentication derived class has a specific Name.

I have already set up a WCF service + X509 certificate (test only) + custom UserNamePasswordValidator class.
Clients can establish a connection to the service, and the validate(username,password) method is correctly called.

My purpose is now to provide different behaviours in the validate method:
indeed, using MEF, I inject a list of potential ApplicationAuthentication classes, provided by the different applications.

The issue is: how can I decide which ApplicationAuthentication is the good one, without being able to have other parameters than UserName and Password in the validate method?

To simplify, I would like to have a third parameter string applicationName, to make something like that:

using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;

public class Authentication : UserNamePasswordValidator
{
  // MEF injection... consider that this is a list containing App1 and App2 objects.
  IEnumerable<ApplicationAuthentication> _authenticationApplicationList;

  // Wished-for signature: the real UserNamePasswordValidator.Validate takes only (userName, password).
  public override void Validate(string userName, string password, string applicationName){
    if(!_authenticationApplicationList.Where(a => a.Name == applicationName)
                                  .First()
                                  .Authenticate(userName, password))
         throw new SecurityTokenException("Access is not granted");
  }
}

using classes like

// Assumes ApplicationAuthentication declares Name and Authenticate as abstract members.
class App1 : ApplicationAuthentication
{
   public override String Name { get {return "appli1";} }
   public override Boolean Authenticate (String userName, String password)
   {
         return true; // in test we don't care about the credentials
   }
}

class App2 : ApplicationAuthentication
{
   public override String Name { get {return "appli2";} }
   public override Boolean Authenticate (String userName, String password)
   {
         return false; // in test we don't care about the credentials
   }
}



Then, on the client side, I could obtain different behaviours for the same username+password, according to another parameter ApplicationName. (I assume that String isn't a good parameter type, but it's just for tests.)

As for now, I'm using the UserName variable to send Username and Password, then I'm using the Password variable to send the ApplicationName... But I'm not happy with this solution...

Note: the reason I'm doing that: I have to make a global authentication service, but I have to reuse existing specific bases and logins already used by each application... In second time, we could make a unique database, a unique username/pwd, then GrantAccess if the user has rights for this or this application.

I tried to make my own ClientCredentialType, but this solution didn't work.
I tried to set parameters into UserNamePasswordValidator, but of course the Validate method is called first.

Do you have any idea about this kind of implementation, please?

Thanks in advance

Recommended answer

If it is appropriate to require applications to use a client certificate when sending requests to your WCF service, you can create a different X509 certificate for each application. Then you'll be able to distinguish applications by parameters of the X509 certificate attached to the request.
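
One way to apply the certificate approach from the answer above, as an added example (not code from the question or the answer): a ServiceAuthorizationManager that maps the client certificate on the request to an application name and denies unknown certificates. It assumes the binding is configured so that the client certificate appears in the authorization context; the class name, the placeholder thumbprints and the "ApplicationName" message property are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Linq;
using System.ServiceModel;

// Added example: identifies the calling application from its client
// certificate instead of from a third Validate parameter.
public class ApplicationCertificateAuthorizationManager : ServiceAuthorizationManager
{
    // Constructed placeholders; replace with the thumbprints of the
    // certificates actually issued to each application.
    private static readonly Dictionary<string, string> ApplicationByThumbprint =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "<APP1-CERT-THUMBPRINT>", "appli1" },
            { "<APP2-CERT-THUMBPRINT>", "appli2" },
        };

    // Returns the application name bound to the client certificate, or null.
    public static string ResolveApplicationName(AuthorizationContext context)
    {
        if (context == null) return null;
        var certClaims = context.ClaimSets.OfType<X509CertificateClaimSet>().FirstOrDefault();
        if (certClaims == null) return null;   // no client certificate presented
        string name;
        return ApplicationByThumbprint.TryGetValue(
                   certClaims.X509Certificate.Thumbprint, out name)
            ? name
            : null;
    }

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        var security = operationContext.ServiceSecurityContext;
        string app = security == null
            ? null
            : ResolveApplicationName(security.AuthorizationContext);
        if (app == null) return false;         // unknown or missing certificate: deny

        // Expose the name so the operation can select the matching
        // ApplicationAuthentication implementation by its Name.
        operationContext.IncomingMessageProperties["ApplicationName"] = app;
        return base.CheckAccessCore(operationContext);
    }
}
```

The manager is registered through the service's serviceAuthorization behavior (serviceAuthorizationManagerType). Whether the certificate chain is also validated depends on the certificate validation mode configured for the service, so the thumbprint map alone should not be the only check.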

