C＃REST Web服务的身份验证问题 [英] C# REST webservice authentication problem

问题描述

在我的previous问题<一href=\"http://stackoverflow.com/questions/3812625/c-problem-authenticating-webservice-between-two-webapplications\">here我是遇到身份验证的WebServices的困难。与使用WcfRestContrib库，我发现这里我能解决这个问题。我建立一个小型testapplication和认证工作就像一个魅力。

但我实施这个在我想使用web服务认证部分web应用时，我不断收到，在web应用中使用窗体身份验证不断重定向我到登录页面的问题。

我有我的web应用的web.config中以下配置的一部分。这就是我试图调用该服务通过它的URL的应用;

  HTTP：//website.localhost/Services/Info.svc/account
 

对于website.localhost的Web.config包含以下部分;

 ＆LT;位置路径=服务＆GT;
  ＆LT;＆的System.Web GT;
    ＆LT;授权＆GT;
      ＆LT;让用户=*/＆GT;
    ＆LT; /授权＆GT;
  ＆LT; /system.web>
＆LT; /地点＆gt;＆LT; system.serviceModel＆GT;
  ＆LT;附加功能，GT;
      ＆LT; behaviorExtensions＆GT;
        ＆LT;添加名称=webAuthenticationTYPE =WcfRestContrib.ServiceModel.Configuration.WebAuthentication.ConfigurationBehaviorElement，WcfRestContrib，版本= 1.0.6.107，区域性=中性公钥= 89183999a8dc93b5/＆GT;
        ＆LT;添加名称=的ErrorHandlerTYPE =WcfRestContrib.ServiceModel.Configuration.ErrorHandler.BehaviorElement，WcfRestContrib，版本= 1.0.6.107，区域性=中性公钥= 89183999a8dc93b5/＆GT;
        ＆LT;添加名称=webErrorHandlerTYPE =WcfRestContrib.ServiceModel.Configuration.WebErrorHandler.ConfigurationBehaviorElement，WcfRestContrib，版本= 1.0.6.107，区域性=中性公钥= 89183999a8dc93b5/＆GT;
      ＆LT; / behaviorExtensions＆GT;
  ＆LT; /扩展＆GT;
  ＆LT;＆行为GT;
      ＆LT; serviceBehaviors＆GT;
        ＆LT;行为NAME =休息＆GT;
          ＆LT; webAuthentication requireSecureTransport =假authenticationHandlerType =WcfRestContrib.ServiceModel.Dispatcher.WebBasicAuthenticationHandler，WcfRestContribusernamePasswordValidatorType =CMS.Backend.Services.SecurityValidator，CMS.Backend来源=CMS.Backend/＆GT;
          ＆LT;的ErrorHandler errorHandlerType =WcfRestContrib.ServiceModel.Web.WebErrorHandler，WcfRestContrib/＆GT;
          ＆LT; webErrorHandler returnRawException =真logHandlerType =CMS.Backend.Services.LogHandler，CMS.BackendunhandledErrorMessage =。发生错误处理您的请求，请联系以获得进一步帮助技术支持/＆GT;
        ＆LT; /行为＆GT;
      ＆LT; / serviceBehaviors＆GT;
  ＆LT; /行为＆GT;
  ＆LT; serviceHostingEnvironment aspNetCompatibilityEnabled =真/＆GT;
＆LT; /system.serviceModel>
 

我通过给所有匿名用户存取权限不包括认证服务的目录，这是造成我认为问题的一部分。

我的服务（信息）包含以下属性。

  [AspNetCompatibilityRequirements（RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed）
[ServiceConfiguration（休息，真）
公共类信息：IInfo
{
   //一些富hapens
}
 

该服务的web.config文件包含了这一点;

 ＆LT;＆的System.Web GT;
   ＆LT;授权＆GT;
     ＆LT;让用户=*/＆GT;
   ＆LT; /授权＆GT;
＆LT; /system.web>
 

每当我尝试了上面提供的URL做出我被重定向到该网站的登录页面上的 HTTP：//website.localhost/Logon 。我怎样才能prevent这种情况发生？据我所知在web.config应该是正确的。

- 最终的解决方案 -

我修改了web.config中像这样;

 ＆LT; sytem.web＆GT;
  //站点配置
＆LT; /system.web>＆所述;位置inheritInChildApplications =假＆GT;
    ＆LT;＆的System.Web GT;
      ＆LT;身份验证模式=表格＆GT;
        ＆LT;形式的名称=所有页loginUrl =〜/登录/超时=360enableCrossAp predirects =FALSE/＆GT;
      ＆LT; /认证＆GT;
    ＆LT; /system.web>
  ＆LT; /地点＆gt;
 

我也删除从我在前面的状态添加的web.config中此规则。 Apperently它违反了加入位置标签，并在服务的Web.config itsself

 ＆LT;位置路径=服务＆GT;
  ＆LT;＆的System.Web GT;
    ＆LT;授权＆GT;
      ＆LT;让用户=*/＆GT;
    ＆LT; /授权＆GT;
  ＆LT; /system.web>
  ＆LT; /地点＆gt;
 

解决方案

您应该美元是在关联的配置部分中指定，并驻留在相关应用的一个子目录中的应用继承了设置p $ pvent继承。

尝试到您的网站的System.Web部分投入位置部分：

 ＆LT;位置inheritInChildApplications =false的＆GT;
  ＆LT;＆的System.Web GT;
    ＆LT;！ - 你的网站系统Web设置 - ＆GT;
  ＆LT; /system.web>
＆LT; /地点＆gt;
 

希望它帮助。

In my previous question here i was experiencing difficulties with Authenticating webservices. With the use of the WcfRestContrib library which i found here i was able to solve this issue. I build a small testapplication and the authentication works like a charm.

But while i'm implementing this in the webapplication where i want to use the webservice authentication part, i keep getting the problem that the used Forms Authentication in the webapplication keeps redirecting me to the login page.

I've got the following configuration part in the web.config of my webapplication. This is the application where i'm trying to call the service by it's url;

http://website.localhost/Services/Info.svc/account

The web.config for the website.localhost contains the following parts;

<location path="Services">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>

<system.serviceModel>
  <extensions>
      <behaviorExtensions>
        <add name="webAuthentication" type="WcfRestContrib.ServiceModel.Configuration.WebAuthentication.ConfigurationBehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
        <add name="errorHandler" type="WcfRestContrib.ServiceModel.Configuration.ErrorHandler.BehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
        <add name="webErrorHandler" type="WcfRestContrib.ServiceModel.Configuration.WebErrorHandler.ConfigurationBehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
      </behaviorExtensions>
  </extensions>
  <behaviors>
      <serviceBehaviors>
        <behavior name="Rest">
          <webAuthentication requireSecureTransport="false" authenticationHandlerType="WcfRestContrib.ServiceModel.Dispatcher.WebBasicAuthenticationHandler, WcfRestContrib" usernamePasswordValidatorType="CMS.Backend.Services.SecurityValidator, CMS.Backend" source="CMS.Backend"/>
          <errorHandler errorHandlerType="WcfRestContrib.ServiceModel.Web.WebErrorHandler, WcfRestContrib"/>
          <webErrorHandler returnRawException="true" logHandlerType="CMS.Backend.Services.LogHandler, CMS.Backend" unhandledErrorMessage="An error has occured processing your request. Please contact technical support for further assistance."/>
        </behavior>
      </serviceBehaviors>
  </behaviors>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>

I'm excluding the Services directory from authentication by giving all anonymous users acces, this is the part causing problems i think.

My service (Info) contains the following attributes

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
[ServiceConfiguration("Rest", true)]
public class Info : IInfo
{
   //Some foo hapens
}

The web.config of the service contains this;

<system.web>
   <authorization>          
     <allow users="*" />
   </authorization>
</system.web>

Whenever i try the above supplied url to make a call to the service i'm being redirected to the login page of the website on http://website.localhost/Logon. How can i prevent this from happening? As far as i know the web.config should be correct.

--THE FINAL SOLUTION--

I modified the web.config to look like this;

<sytem.web>
  //site config
</system.web>

<location inheritInChildApplications="false">
    <system.web>
      <authentication mode="Forms">
        <forms name="AllPages" loginUrl="~/Logon/" timeout="360" enableCrossAppRedirects="false" />
      </authentication>
    </system.web>
  </location>

I Also removed this rule from the web.config which i added in an earlier state. Apperently it conflicted with the added location tag and the web.config in the service itsself

<location path="Services" >
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
  </location>

解决方案

You should prevent inheritance of the settings that are specified in the associated configuration section and inherited by applications that reside in a subdirectory of the relevant application.

Try to put your site "system.web" section into "location" section:

<location inheritInChildApplications="false">
  <system.web>
    <!-- your site system web settings -->
  </system.web>
</location>

Hope it helpful.

这篇关于C＃REST Web服务的身份验证问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！