Custom WCF authentication with System.ServiceModel.ServiceAuthenticationManager?
Problem description
I'm working on custom WCF authentication and authorization and found some articles about UserNamePasswordValidator and ServiceAuthorizationManager.
I also found clues about using a custom System.ServiceModel.ServiceAuthenticationManager (dead link), but MSDN does not tell a lot about it (http://msdn.microsoft.com/en-us/library/system.servicemodel.serviceauthenticationmanager.aspx).
So here I am: does anyone know more about ServiceAuthenticationManager?
In general, how would you set up custom WCF authentication?
Recommended answer
You're right, the documentation on this is no help at all.
The way I have used this class is as follows. Override the Authenticate() method to:
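- pull the authentication tokens (e.g. username/password) out of the incoming message
- authenticate the tokens and use them to create an IPrincipal object. This will be the principal that is used during the invocation of the service operation.
- add the IPrincipal object to the message.Properties collection, so it can be used later in the WCF processing pipeline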
You can't just set the thread principal at this point as it is changed later on by WCF.
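The code in the ServiceAuthenticationManager.Authenticate() method would look something like this:

    public override ReadOnlyCollection<IAuthorizationPolicy> Authenticate(ReadOnlyCollection<IAuthorizationPolicy> authPolicy, Uri listenUri, ref Message message)
    {
        // FindHeader returns -1 when the header is absent; reject the message instead of
        // letting GetHeader fail on an invalid index (needs System.IdentityModel.Tokens).
        int tokenPosition = message.Headers.FindHeader("Token", "http://customnamespace.org");
        if (tokenPosition < 0)
            throw new SecurityTokenException("Token header is missing.");
        string token = message.Headers.GetHeader<string>(tokenPosition);
        // CustomPrincipal is the application's own IPrincipal implementation, built from the token.
        IPrincipal user = new CustomPrincipal(token);
        // Keep the principal on the message so the authorization policy can read it later.
        message.Properties["Principal"] = user;
        return authPolicy;
    }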
Then you add a custom authorization policy that
- retrieves the IPrincipal from the message (using the System.ServiceModel.EvaluationContext.Current.IncomingMessageProperties collection).
- pushes the IPrincipal into the EvaluationContext.Properties collection
- makes claims based on the IPrincipal.IsInRole() method
The code in the IAuthorizationPolicy() method would look like
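    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        // Read back the principal that Authenticate() stored on the incoming message.
        IPrincipal user = OperationContext.Current.IncomingMessageProperties["Principal"] as IPrincipal;
        // WCF takes the thread principal from the "Principal" property when principalPermissionMode is Custom.
        evaluationContext.Properties["Principal"] = user;
        evaluationContext.Properties["Identities"] = new List<IIdentity> { user.Identity };
        // Turn the user's roles into claims issued by this policy.
        IList<Claim> roleClaims = this.GetRoleClaims(user);
        evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, roleClaims));
        return true;
    }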
In the service behaviour configuration, you need to set principalPermissionMode="Custom" in order for WCF to set the IPrincipal as the principal on the executing thread for the actual service operation invocation.
<serviceAuthorization principalPermissionMode="Custom"...
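The two pieces described in the answer can also be wired up in code on a self-hosted service. The following is an added example, not code from the original answer: the class names PrincipalAuthorizationPolicy and HostSetup, the KnownRoles list and the role claim type URI are assumptions made for illustration, and the policy fails closed when no principal was stored on the message.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical policy class built around the Evaluate() logic described in the answer.
public class PrincipalAuthorizationPolicy : IAuthorizationPolicy
{
    // Assumed role names to probe with IsInRole(); a real service supplies its own list.
    private static readonly string[] KnownRoles = { "Admin", "User" };
    private readonly string id = Guid.NewGuid().ToString();

    public string Id { get { return id; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        object value;
        var props = OperationContext.Current.IncomingMessageProperties;
        IPrincipal user = props.TryGetValue("Principal", out value) ? value as IPrincipal : null;
        // Fail closed: without a principal from Authenticate() the call must not proceed.
        if (user == null)
            throw new SecurityAccessDeniedException("No authenticated principal on the message.");

        evaluationContext.Properties["Principal"] = user;
        evaluationContext.Properties["Identities"] = new List<IIdentity> { user.Identity };

        var roleClaims = new List<Claim>();
        foreach (string role in KnownRoles)
            if (user.IsInRole(role)) // constructed claim type URI, reusing the page's namespace
                roleClaims.Add(new Claim("http://customnamespace.org/claims/role", role, Rights.PossessProperty));
        evaluationContext.AddClaimSet(this, new DefaultClaimSet(Issuer, roleClaims));
        return true;
    }
}

public static class HostSetup
{
    // Call before host.Open(). authManager is an instance of the ServiceAuthenticationManager subclass.
    public static void Configure(ServiceHostBase host, ServiceAuthenticationManager authManager)
    {
        host.Authentication.ServiceAuthenticationManager = authManager;
        host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
        host.Authorization.ExternalAuthorizationPolicies = new ReadOnlyCollection<IAuthorizationPolicy>(
            new List<IAuthorizationPolicy> { new PrincipalAuthorizationPolicy() });
    }
}
```

With this in place, a service operation can demand a role declaratively, for example with a PrincipalPermission attribute, because WCF sets the thread principal from the "Principal" property before invoking the operation.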