WCF Authentication - TransportCredentialOnly with ASPNET Membership

Question

I feel like I'm close but I'm a newbie at WCF and can't figure out why this is not working. I've tried searching, but I couldn't find an example of using aspnet membership without using message level security. I am trying to authenticate over https from Android to a WCF service. It works just fine until I change the clientCredentialType from 'None' to 'Basic'. I have to authenticate via username and password. When I try to update my proxy by running slsvcutil.exe against the https://myPublicWebsite/ABCService/ABC.svc it gives the following error:

The authentication schemes configured on the host ('IntegratedWindowsAuthentication, Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Basic'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.

Here is my web.config of the service. Thanks for any help you can give me.

  <system.web>
    <compilation debug="false" strict="false" explicit="true" targetFramework="4.0" />
    <customErrors mode="Off" />

    <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <clear />
        <add
          name="AspNetSqlMembershipProvider"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="LocalSqlServer"
          applicationName="ABC"
          enablePasswordRetrieval="false"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="false"
          minRequiredPasswordLength="8"
          requiresUniqueEmail="true"
          passwordFormat="Hashed" />
      </providers>
    </membership>
  </system.web>

  <system.serviceModel>
    <services>
      <service name="ABCService.ABC" behaviorConfiguration="metadataBehavior">
        <endpoint
            address=""
            binding="basicHttpBinding"
            bindingConfiguration="ABCBinding"
            contract="ABCService.IService1"/>
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="metadataBehavior">
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceCredentials>
            <userNameAuthentication
            userNamePasswordValidationMode="MembershipProvider"
            membershipProviderName="AspNetSqlMembershipProvider" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <bindings>
      <basicHttpBinding>
        <binding name="ABCBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <protocolMapping>
      <add binding="basicHttpsBinding" scheme="https"/>
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>    
    <directoryBrowse enabled="false"/>
  </system.webServer>

Also, what do I put in the code of the service to run the validation check? I have this:

Imports System

Public Class MyCustomUserNameValidator
    Inherits IdentityModel.Selectors.UserNamePasswordValidator

    ' This method validates users. It allows two users, test1 and test2  
    ' with passwords 1tset and 2tset respectively. 
    ' This code is for illustration purposes only and  
    ' MUST NOT be used in a production environment because it is NOT secure.     
    Public Overrides Sub Validate(ByVal userName As String, ByVal password As String)
        If Nothing = userName OrElse Nothing = password Then
            Throw New ArgumentNullException()
        End If

        If Not (userName = "test1" AndAlso password = "1tset") AndAlso Not (userName = "test2" AndAlso password = "2tset") Then
            Throw New IdentityModel.Tokens.SecurityTokenException("Unknown Username or Password")
        End If

    End Sub
End Class

But I don't really understand how it works because I never call it, and I would rather use a default one than a custom one. I'm sure this is simple, but all the examples I could find by searching are for 'custom' validators. Does this get called automatically? Or do I even need it if I just want the default?

Recommended answer

Are you using IIS? You need to install and enable basic authentication in IIS.

  • To install: Turn On or Off Windows Components, and enable Basic Authentication under IIS.
  • To enable: http://technet.microsoft.com/en-us/library/cc772009(v=ws.10).aspx

However, even if you enable basic auth, you can only use membership providers and custom validators in message-based security and when clientCredentialType is set to UserName. Pure transport-based security modes like TransportCredentialOnly and Transport will not work.

Reference - go to the Validation section

This should work for wsHttpBinding

<security mode="Message">
   <message clientCredentialType="UserName" />
</security>

Another possibility for wsHttpBinding and basicHttpBinding

<security mode="TransportWithMessageCredential">
   <message clientCredentialType="UserName" />
</security>
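
The answer's second option merged with the membership settings from the question, as an added example that is not part of the original answer or the asker's project. Service, binding, behavior and provider names are reused from the question's web.config; it assumes the site has an HTTPS binding and that IIS Anonymous authentication is enabled, because WCF rather than IIS checks the credentials here.

```xml
<system.serviceModel>
  <services>
    <service name="ABCService.ABC" behaviorConfiguration="metadataBehavior">
      <endpoint
          address=""
          binding="basicHttpBinding"
          bindingConfiguration="ABCBinding"
          contract="ABCService.IService1" />
    </service>
  </services>

  <bindings>
    <basicHttpBinding>
      <binding name="ABCBinding">
        <!-- Was: mode="TransportCredentialOnly" with transport clientCredentialType="Basic".
             That mode authenticates at the HTTP layer only and gives the message
             no confidentiality or integrity protection.
             TransportWithMessageCredential requires HTTPS and carries the user name
             and password as a WS-Security UsernameToken in the SOAP header. -->
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>

  <behaviors>
    <serviceBehaviors>
      <behavior name="metadataBehavior">
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="false" />
        <serviceCredentials>
          <!-- WCF hands the token's user name and password to the membership
               provider; no UserNamePasswordValidator subclass is involved. -->
          <userNameAuthentication
              userNamePasswordValidationMode="MembershipProvider"
              membershipProviderName="AspNetSqlMembershipProvider" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>

  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
```

A class such as MyCustomUserNameValidator only comes into play when userNamePasswordValidationMode is set to Custom and the class is named in customUserNamePasswordValidatorType.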
