WCF身份验证没有';t提示输入凭据
本文关键字:提示 输入 身份验证 WCF | 更新日期: 2023-09-27 18:28:50
我创建了一个测试WCF应用程序,试图在其中使身份验证工作,但它只是运行我的方法,不要求我登录/身份验证。以下是WCF应用程序中web.config中的代码片段:
<bindings>
<wsHttpBinding>
<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyAPI.Authorization, App_Code" />
</serviceCredentials>
我的授权类别:
public class Authorization : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
{
throw new ArgumentNullException();
}
if (!(userName == "test1" && password == "1tset") && !(userName == "test2" && password == "2tset"))
{
// This throws an informative fault to the client.
throw new FaultException("Unknown Username or Incorrect Password");
// When you do not want to throw an infomative fault to the client,
// throw the following exception.
// throw new SecurityTokenException("Unknown Username or Incorrect Password");
}
}
}
我的服务.svc.cs类
public string Hello(string message)
{
return "You typed: " + message;
}
我应该把一些属性放在这个方法之上以要求身份验证还是放在类之上?
然后我创建了一个测试控制台应用程序,下面是代码:
public static Test.Service1Client client = new Test.Service1Client();
static void Main(string[] args)
{
Console.WriteLine(client.Hello("hello"));
Console.ReadLine();
}
这只是输出"You-typed:hello"而不要求身份验证。以下是我的app.config:的片段
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IService1" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://MyServer/Service1.svc" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_IService1" contract="Test.IService1"
name="BasicHttpBinding_IService1" />
</client>
</system.serviceModel>
我希望在调用client.Hello("hello")之前必须设置登录凭据,方法是:
client.ClientCredentials.UserName.UserName = "test1";
client.ClientCredentials.UserName.Password = "1tset";
但显然不是
编辑
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyAPI.Authorization, App_Code" />
</serviceCredentials>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
看起来您使用了错误的绑定,当您在服务器上定义WsHttpBinding时,客户端正在使用BasicHttpBinding。
WCF/IIS将神奇地连接您的服务,而无需配置(无法立即记住此功能的名称…)。但是,您正在定义一些自定义绑定配置-这很好,但您需要告诉您的服务使用它。
您需要在服务器的配置中添加一个<service>元素,类似于:
<system.serviceModel>
...
<services>
<service name="FullClassNameOfYourService">
<endpoint binding="wsHttpBinding"
bindingConfiguration="Binding1"
contract="FullClassNameOfYourServiceContract" />
</service>
</services>
此外,您的客户端配置不包含wsHttpBinding元素,这表明托管您的服务的网站没有启用HTTPS。
您的用户名验证不正确。customUserNamePasswordValidatorType的格式必须为"[完全限定的程序集+类名],[命名空间]"。我无法从你的帖子中判断出你的命名空间是什么,但类似于:
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="MyNamespace.Authorization , MyNamespace" />
正如其他人所说,您的客户端必须使用相同的绑定类型才能连接到服务。
此外,在服务器端,您已将"安全模式"设置为"无",但您有一个传输和一个消息标记。在安全标签中。如果您将"无"作为安全措施,则会忽略任何传输和消息安全规范。换句话说,在安全模式为None的情况下,客户端凭据类型将被忽略,因此客户端不必进行身份验证。
您使用的WCF 4有一个简化的配置文件。它有其优点,但调试起来更困难。我怀疑您的自定义wshttpbinding没有应用。尝试更详细的配置(如wcf 3.5):
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="NewBinding0">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WcfService6.Service1Behavior"
name="WcfService6.Service1">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="NewBinding0"
contract="WcfService6.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService6.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>