Basic Authentication for WCF
Problem description
I am trying to do a very basic but secure username/password authentication with WCF.
However when I look at the value of the
ServiceSecurityContext.Current.PrimaryIdentity;
it contains the credentials of my Windows machine and claims it is authorised (even though I have not yet done any authorisation) instead of the username and password I provided to the service.
My web.config of the service is as follows
<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5"/>
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="WsHttpBindingConfig">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="None" />
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <protocolMapping>
      <add binding="wsHttpBinding" scheme="http" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <!--
      To browse web app root directory during debugging, set the value below to true.
      Set to false before deployment to avoid disclosing web app folder information.
    -->
    <directoryBrowse enabled="true"/>
  </system.webServer>
</configuration>
and the app.config of the client app is as follows
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IService1" />
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost/WcfSecuredService/Service1.svc"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
                contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
I call the service with the following code
ServiceReference1.Service1Client clnt = new ServiceReference1.Service1Client();
clnt.ClientCredentials.UserName.UserName = "peter";
clnt.ClientCredentials.UserName.Password = "grr";
string result = clnt.GetSecuredData();
What am I doing wrong?
Please note that both the client app and the service are both running on the same machine. I do not know if the identity is that of the machine running the service or the one passed to it from the client as they are both the same credentials.....
I suppose the other question is possibly "How do I get the username and password that were passed to the service?"
Solution
I have worked this out now.
I needed to create a custom validation class, which I found here: How to: Use a Custom User Name and Password Validator
I also needed to make a few changes to the web.config
<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5"/>
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WcfService1Secure.Auth,WcfService1Secure" />
          </serviceCredentials>
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="WsHttpBindingConfig">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="None" />
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <protocolMapping>
      <add binding="wsHttpBinding" scheme="https" bindingConfiguration="WsHttpBindingConfig" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <!--
      To browse web app root directory during debugging, set the value below to true.
      Set to false before deployment to avoid disclosing web app folder information.
    -->
    <directoryBrowse enabled="true"/>
  </system.webServer>
</configuration>
and the app.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_IService1" />
      </basicHttpBinding>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IService1">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="None" />
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://localhost/WcfService1Secure/Service1.svc"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
                contract="ServiceReference1.IService1" name="WSHttpBinding_IService1" />
    </client>
  </system.serviceModel>
</configuration>
Now the user is validated on the request and the username is available using
ServiceSecurityContext.Current.PrimaryIdentity;
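The answer's web.config points at `WcfService1Secure.Auth`, but the class itself is not shown. The following is an added example, not the poster's code: one way to write that validator, assuming an in-memory user table (the hypothetical `Users` dictionary, seeded with the question's sample credentials), PBKDF2 via `Rfc2898DeriveBytes` with an assumed iteration count, and a project reference to System.IdentityModel.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;

namespace WcfService1Secure
{
    // Type name matches customUserNamePasswordValidatorType="WcfService1Secure.Auth,WcfService1Secure".
    public class Auth : UserNamePasswordValidator
    {
        private const int Iterations = 100000; // assumed work factor
        // Hypothetical in-memory store: user name -> (salt, PBKDF2 hash).
        private static readonly Dictionary<string, Tuple<byte[], byte[]>> Users =
            new Dictionary<string, Tuple<byte[], byte[]>>(StringComparer.Ordinal);

        static Auth()
        {
            // Constructed demo account (the credentials the question's client sends).
            // A real service loads salt and hash from its user store instead.
            var salt = new byte[16];
            using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);
            Users["peter"] = Tuple.Create(salt, Derive("grr", salt));
        }

        private static byte[] Derive(string password, byte[] salt)
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
                return kdf.GetBytes(32);
        }

        // Compare without exiting early on the first differing byte.
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            int diff = a.Length ^ b.Length;
            for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }

        public override void Validate(string userName, string password)
        {
            Tuple<byte[], byte[]> record;
            bool ok = userName != null && password != null
                      && Users.TryGetValue(userName, out record)
                      && FixedTimeEquals(Derive(password, record.Item1), record.Item2);
            // Same error for an unknown user and for a wrong password.
            if (!ok) throw new SecurityTokenException("Unknown user name or incorrect password.");
        }
    }
}
```

When `Validate` returns without throwing, WCF treats the caller as authenticated and `ServiceSecurityContext.Current.PrimaryIdentity.Name` carries the supplied user name; any authorisation decision still has to be made by the service.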