如何在 WCF 中声明性地实现自定义 IAuthorizationPolicy? [英] How to declaratively implement custom IAuthorizationPolicy in WCF?

问题描述

我有一个托管在 IIS 中的 WCF 服务.我想使用我自己的 IAuthorizationPolicy，并在服务器上的 web.config 文件中配置它.我有我的身份验证政策:

I have a WCF service that is hosted in IIS. I want to use my own IAuthorizationPolicy, and have it configured in the web.config file on the server. I have my auth policy:

namespace MyLib.WCF
{
    public class CustomAuthorizationPolicy : IAuthorizationPolicy
    {
        public CustomAuthorizationPolicy()
        {
            this.Id = Guid.NewGuid().ToString();
        }

        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            throw new ApplicationException("Testing custom auth");
        }
        ...
    }
}

在我的 web.config 中:

And in my web.config:

<service behaviorConfiguration="Behavior" name="MyService">
    <endpoint address="" binding="wsHttpBinding"  contract="IMyService"/>               
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
<serviceBehaviors>
    <behavior name="Behavior">
        <serviceAuthorization principalPermissionMode="Custom">
            <authorizationPolicies>
        <add policyType="MyLib.WCF.CustomAuthorizationPolicy, MyLib.WCF, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
            </authorizationPolicies>
        </serviceAuthorization>
    </behavior>
</serviceBehaviors>

但我的 CustomAuthorizationPolicy.Evaluate() 方法从不触发.我错过了什么?

But my CustomAuthorizationPolicy.Evaluate() method never fires. What am I missing?

推荐答案

嗯，明显(愚蠢)的问题是:在你的 中，你真的引用了你的行为配置吗?

Well, the obvious (silly) question is: in your <service>, do you actually reference your behavior configuration??

即你有吗:

<system.serviceModel>    
 ....
   <service name="YourService" behaviorConfiguration="Behavior">
       ....
   </service>
 ....
</system.serviceModel>

仅仅定义你所有的东西是很好的——但除非你真的引用了它，否则它不会对你有任何好处(去过那里，我自己也做过！:-))

Just defining all your stuff is nice and well - but unless you've actually referenced it, it won't do you any good (been there, done that myself, too! :-) )

第二个(几乎是愚蠢的)问题是:你使用什么绑定和安全配置??你有没有打开安全?如果您有 <security mode="None">，那么您的服务授权显然也不会被使用(因为根本没有将凭据传递给服务).

Second (almost as silly) question would be: what binding and security config do you use?? Have you even turned on security at all? If you have <security mode="None">, then your service authorization will obviously never be used, either (since no credentials are being passed to the service at all).

马克

这篇关于如何在 WCF 中声明性地实现自定义 IAuthorizationPolicy?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！