如何使用Microsoft JWT令牌处理程序来保护基于webHttpBinding的WCF服务 [英] How to use Microsoft JWT Token Handler to secure webHttpBinding based WCF service

问题描述

我需要保护使用带有令牌的webHttpBinding的WCF服务，但很难弄清楚该怎么做.据我了解，推荐的方法是使用JWT令牌?

I need to secure a WCF Service that uses webHttpBinding with tokens, but having a hard time figuring out how to do so. It is my understanding that the recommend way of doing this is by using JWT Tokens?

我有一个STS(IdentityServer)，它通过OAuth 2.0向我的移动客户端(Sencha Touch应用程序)发行JWT令牌，并且该应用程序需要调用基于webHttpBinding的WCF服务.

I have an STS (IdentityServer) that issues JWT tokens to my Mobile Client (Sencha Touch Application) through OAuth 2.0, and this application needs to call a webHttpBinding based WCF Service.

现在，我想使用令牌来保护它，而且我知道Microsoft已经发布了JWT安全令牌处理程序NuGet程序包.

Now I want to secure this using tokens, and I know Microsoft has released a JWT Security Token Handler NuGet package.

我已经在web.config的"identityConfiguration"标签下的"securityTokenHandlers"标签中添加了此安全令牌处理程序，但是我对如何实际使用令牌处理程序来验证令牌，提取声明感到有些困惑.并设置IClaimsPrinicipal对象.

I have added this security token handler in the "securityTokenHandlers" tag under my "identityConfiguration" tag in the web.config, but I feel a bit lost on how to actually use the token handler to validate the token, extracting the claims and setting the IClaimsPrinicipal object.

我能找到的大多数示例都使用WebAPI，并且适用于ASP.NET应用程序，但就我而言，我只需要使用webHttpBinding保护常规" WCF服务即可.

Most examples I have been able to find use WebAPI and are for ASP.NET applications, but in my case I need to just secure an "ordinary" WCF Service using a webHttpBinding.

对于如何完成此操作的任何帮助，将不胜感激.

Any help on how to accomplish this, would be greatly appreciated.

推荐答案

您不会在SOAP服务上通过OAuth实现找到很多示例. OAuth主要是为无法处理SOAP及其相关的WS-Security复杂性的客户端创建的.

You won't find many samples with OAuth implementation over SOAP services. OAuth was created primarily for clients that could not handle SOAP and its associated WS-Security complexity.

尽管不常见，但仍然可能，您只需要实现自己的WCF管道挂钩(IDispatchMessageInspector)即可从HTTP标头中获取令牌，然后使用JWT类设置您的声明.

Although not common, it is still possible, you just need to implement your own WCF pipeline hook (IDispatchMessageInspector) to get the token from HTTP header and then use the JWT classes to set your claims.

我还没有使用此代码示例，但是它看起来可以满足您的要求.

I have not used this code sample, but it looks like it will do what you want. http://blogs.msdn.com/b/pavelkhodak/archive/2013/07/26/enable-http-bearer-jwt-token-authentication-for-rest-service-using-webhttpbinding-in-wcf.aspx

这篇关于如何使用Microsoft JWT令牌处理程序来保护基于webHttpBinding的WCF服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！