如何在LogReceiverService(NLog)中启用安全性
本文关键字:启用 安全性 NLog LogReceiverService | 更新日期: 2023-09-27 18:21:51
我必须创建一个集中的日志存储库,我决定安装一个实现NLog的LogReceiverService的WCF服务(通过wsHttpBinding)。我按照这个主题找到了一个工作示例(在bitbucket中有一个工作代码)。
好的,现在的问题是:我想为这个WCF服务添加一些安全性,通过HTTPS公开它,也许还可以添加一个身份验证令牌。我之前已经编程过这种身份验证,所以我知道如何做到,只是我不知道如何在NLog中编程。我应该修改NLog调用WCF方法的类吗?我只是无法想象如何做到这一点。任何关于如何实现这一功能的想法都将不胜感激。
我终于能够做到这一点了。
让我告诉你,我能够配置所需的行为:)
首先,我们将服务器配置如下:
WCFService的web.config的System.ServiceModel的配置为:
<system.serviceModel>
<services>
<service name="Your.Namespace.Path.To.Your.Service" behaviorConfiguration="SecureBehavior">
<endpoint binding="wsHttpBinding" bindingConfiguration="SecureBinding" contract="NLog.LogReceiverService.ILogReceiverServer"/>
<endpoint binding="mexHttpBinding" contract="IMetadataExchange" address="mex"/>
<host>
<baseAddresses>
<add baseAddress="https://your_secure_domain.com/servicePath"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="SecureBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceMetadata httpsGetEnabled="true"/>
<serviceCredentials>
<!--You must set your certificate configuration to make this example work-->
<serviceCertificate findValue="0726d1969a5c8564e0636f9eec83f92e" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySerialNumber"/>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="AssamblyOf.YourCustom.UsernameValidator.UsernameValidator, AssamblyOf.YourCustom.UsernameValidator"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="SecureBinding" closeTimeout="00:00:20" openTimeout="00:00:20" receiveTimeout="00:00:20" sendTimeout="00:00:20">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>
CustomUserNameValidator
public class UsernameValidator : UserNamePasswordValidator
{
private const string UserName = "your_username_here";
private const string Password = "your_password_here";
public override void Validate(string userName, string password)
{
// validate arguments
if (string.IsNullOrEmpty(userName))
throw new ArgumentNullException("userName");
if (string.IsNullOrEmpty(password))
throw new ArgumentNullException("password");
//
// Nombre de usuario y contraseñas hardcodeados por seguridad
//
if (!userName.Equals(UserName) || !password.Equals(Password))
throw new SecurityTokenException("Nombre de usuario o contraseña no válidos para consumir este servicio");
}
}
然后我们转到客户端配置
首先,从LogReceiverWebServiceTarget创建一个继承的类,然后覆盖方法CreateWcfLogReceiverClient,然后在该方法中添加凭据。
// we assume that this class is created in NLog.CustomExtendedService namespace
[Target("LogReceiverSecureService")]
public class LogReceiverSecureService : NLog.Targets.LogReceiverWebServiceTarget
{
/// <summary>
/// Gets or sets the UserName of the service when it's authentication is set to UserName
/// </summary>
/// <value>The name of the endpoint configuration.</value>
public string ServiceUsername { get; set; }
/// <summary>
/// Gets or sets de Password of the service when it's authentication is set to UserName
/// </summary>
public string ServicePassword { get; set; }
/// <summary>
/// Creates a new instance of WcfLogReceiverClient.
///
/// We make override over this method to allow the authentication
/// </summary>
/// <returns></returns>
protected override NLog.LogReceiverService.WcfLogReceiverClient CreateWcfLogReceiverClient()
{
var client = base.CreateWcfLogReceiverClient();
if (client.ClientCredentials != null)
{
//
// You could use the config file configuration (this example) or you could hard-code it (if you do not want to expose the credentials)
//
client.ClientCredentials.UserName.UserName = this.ServiceUsername;
client.ClientCredentials.UserName.Password = this.ServicePassword;
}
return client;
}
}
然后我们设置应用程序的配置文件
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ILogReceiverServer">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://your_secure_domain.com/servicePath/Logger.svc" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_ILogReceiverServer" contract="NLog.LogReceiverService.ILogReceiverClient"
name="WSHttpBinding_ILogReceiverServer" />
</client>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>
最后,我们配置NLog.config
<extensions>
<add assembly="NLog.CustomExtendedService" /> <!--Assuming the custom Target was added to this assambly -->
</extensions>
<targets>
<target xsi:type="LogReceiverSecureService"
name="RemoteWcfLogger"
endpointConfigurationName="WSHttpBinding_ILogReceiverServer"
endpointAddress="https://your_secure_domain.com/servicePath/Logger.svc"
ServiceUsername="your_username_here"
ServicePassword="your_password_here"
useBinaryEncoding="True"
clientId="YourApplicationNameOrId"
includeEventProperties="True">
</target>
</targets>
我在NLog的谷歌群组上发布了完整的答案,所以请尽情享受https://groups.google.com/d/msg/nlog-users/Xryu61TaZKM/Utbvrr5mwA0J