使用 WCF REST 服务对 Windows 帐户以外的其他内容进行基本身份验证? [英] Basic Authentication with WCF REST service to something other than windows accounts?

问题描述

是否有一种干净的方法来公开需要基本身份验证的 WCF REST 服务，但我们自己在哪里处理用户名/密码的实际验证?好像你在config里告诉WCF你要使用基本身份验证，它强制你在IIS里开启基本身份验证，IIS只能对window账户做基本身份验证.

Is there a clean way to expose a WCF REST service that requires basic authentication, but where we handle the actual validation of the username/password ourselves? It seems that when you tell WCF in config that you want to use basic authentication, it forces you to turn on basic authentication in IIS and IIS can only do basic authentication against window accounts.

我们发现的唯一黑客是欺骗 WCF 并告诉它服务没有安全性，然后使用通用 IHttpModule(它有一个专有配置文件来指示哪些 URL 具有哪些)在 WCF 堆栈之外进行身份验证身份验证/授权要求).

The only hack we have found is to lie to WCF and tell it there is no security on the service and then do authentication outside of the WCF stack using a generic IHttpModule (which has a proprietary config file to indicate which URLs have which authentication/authorization requirements).

似乎应该有更好的方法.有人有吗?

It seems like there should be a better way. Anyone have one?

推荐答案

WCF REST Contrib 库支持此功能:

The WCF REST Contrib library enables this functionality:

http://github.com/mikeobrien/WcfRestContrib

它还允许您确保个人操作的安全.

It also allows you to secure individual operations.

这篇关于使用 WCF REST 服务对 Windows 帐户以外的其他内容进行基本身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！