1

我正在使用肥皂(wcf)构建服务。我想用一个密码和用户名让我的端点更加安全。当我尝试添加以下配置时,Windows Azure 会抛出以下错误:

错误:此配置部分不能在此路径中使用。当该部分锁定在父级别时会发生这种情况。锁定是默认情况下 (overrideModeDefault="Deny") 或由具有 overrideMode="Deny" 或旧 allowOverride="false" 的位置标记显式设置的。

Linecode 是:我必须在本地测试时在我的 IIS 中更改它,但显然我无法在 Windows Azure 平台上调整它?

我想做的就是使用自己的密码和用户名进行访问。是个

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.diagnostics>
    <trace>
      <listeners>
        <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics">
          <filter type="" />
        </add>
      </listeners>
    </trace>
  </system.diagnostics>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <customErrors mode="Off"/>
  </system.web>

  <system.serviceModel>

    <behaviors>
      <serviceBehaviors>
        <behavior name="credsBehavior">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata externalMetadataLocation="external metadata location" />

          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFServiceWebRole.CustomUserNameValidator, WCFServiceWebRole, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="ServiceEndpointBehavior">
          <schemaValidator validateRequest="True" validateReply="False">
            <schemas>
              <add location="schemalocation" />
            </schemas>
          </schemaValidator>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="false" />

    <extensions>
      <behaviorExtensions>
        <add name="schemaValidator" type="WCFServiceWebRole.Validation.SchemaValidationBehaviorExtensionElement, WCFServiceWebRole, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
      </behaviorExtensions>
    </extensions>

    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpsBinding_CvServiceInterface" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" receiveTimeout="01:00:00" openTimeout="01:00:00" closeTimeout="01:00:00" sendTimeout="01:00:00">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
                        maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />

          <security mode="Transport">
              <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <services>
      <service name="WCFServiceWebRole.CvService" behaviorConfiguration="credsBehavior">
        <endpoint address="myendpoint" behaviorConfiguration="ServiceEndpointBehavior" binding="basicHttpBinding" bindingConfiguration="BasicHttpsBinding_CvServiceInterface" contract="ICvService" />
      </service>
    </services>

  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <directoryBrowse enabled="true" />

    <security>
      <authentication>
        <basicAuthentication enabled="true"/>
      </authentication>
    </security>
  </system.webServer>
</configuration>

<!--<system.webServer>
  <security>
    <authentication>
      <anonymousAuthentication enabled="false" />
      <basicAuthentication enabled="true" />
    </authentication>
  </security>
</system.webServer>-->

杰伦

4

2 回答 2

1

默认情况下,基本身份验证在 Windows Azure Web 角色中不可用。

在此处输入图像描述

您需要创建 2 个启动脚本:

用于安装基本身份验证的 Powershell 脚本

Import-Module ServerManager
Add-WindowsFeature Web-Basic-Auth

注意:这需要 Windows Server 2008 R2 中包含的 PowerShell 2.0(您需要将osFamily设置为 2 以获取 Windows Server 2008 R2:http: //msdn.microsoft.com/en-us/library/windowsazure/ ee758710.aspx )

将激活基本身份验证的 Bat 文件

%windir%\system32\inetsrv\appcmd set config /section:basicAuthentication /enabled:true

问题

为什么您甚至需要基本身份验证?如果我错了,请纠正我,但是 WCF 中的用户名/密码身份验证应该在没有 IIS 的情况下工作,所以我不明白为什么它需要基本身份验证才能工作。

于 2012-04-13T11:33:40.790 回答
1

就像 Sandrino 提到的那样,我不需要 basicauth 来获得使用自定义用户名和密码的授权和身份验证。

代替:

<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>

我必须做:

  <security mode="TransportWithMessageCredential">
    <transport clientCredentialType="None"/>
    <message clientCredentialType="UserName" />
  </security>

在客户端:

    ServiceReference1.CvServiceInterfaceClient cl = new ServiceReference1.CvServiceInterfaceClient();
    ClientCredentials creds = new ClientCredentials();

    creds.UserName.UserName = "username";
    creds.UserName.Password = "password";
    var defaultCredentials = cl.Endpoint.Behaviors.Find<ClientCredentials>();
    cl.Endpoint.Behaviors.Remove(defaultCredentials);
    cl.Endpoint.Behaviors.Add(creds);

杰伦

于 2012-04-17T20:12:04.280 回答