4

我有 WCF Web 服务(.Net 4.5 RTM)。

我想提供自定义的 IPrincipal 和 IIdentity 实现,所以我决定提供自定义的 ServiceAuthenticationManager。

奇怪的是 ServiceAuthenticationManager 被实例化了,但没有调用 Authenticate 方法。

所以,当我有这样的服务器配置时

<system.serviceModel>
    <protocolMapping>
        <add scheme="https" binding="basicHttpBinding" />
    </protocolMapping>

    <behaviors>
        <serviceBehaviors>
            <behavior name="EntityServiceBehavior">
                <serviceAuthenticationManager
                    authenticationSchemes="None"
                    serviceAuthenticationManagerType="Belrost.Communication.EntityServiceAuthenticationManager, Belrost.Communication" />
                <serviceAuthorization
                    impersonateCallerForAllOperations="false"
                    principalPermissionMode="Custom"
                    serviceAuthorizationManagerType="Belrost.Communication.EntityServiceAuthorizationManager, Belrost.Communication" />
                <serviceCredentials>
                    <serviceCertificate
                        findValue="test.local"
                        x509FindType="FindBySubjectName"
                        storeLocation="LocalMachine"
                        storeName="My" />
                </serviceCredentials>
                <serviceDebug
                    includeExceptionDetailInFaults="true"
                    httpsHelpPageEnabled="true"
                    httpsHelpPageUrl="https://test.local/service/belrost-help" />
                <serviceMetadata
                    httpsGetEnabled="true"
                    httpsGetUrl="https://test.local/service/belrost-meta" />
            </behavior>
        </serviceBehaviors>
    </behaviors>

    <bindings>
        <basicHttpBinding>
            <binding name="EntityServiceBinding">
                <security mode="Transport">
                    <transport clientCredentialType="None" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>

    <services>
        <service
            name="Belrost.Server.EntityService"
            behaviorConfiguration="EntityServiceBehavior">
            <endpoint
                address="https://test.local/service/belrost"
                binding="basicHttpBinding"
                bindingConfiguration="EntityServiceBinding"
                bindingNamespace="http://schemas.triflesoft.org/"
                contract="Belrost.Communication.IEntityContract" />
        </service>
    </services>
</system.serviceModel>

Authenticate 方法被调用,但由于 clientCredentialType="None" 没有提供授权信息。

当我在任何地方将 None 更改为 Basic 时,不再调用 Authenticate 方法(但是在 EntityServiceAuthenticationManager 构造函数中的断点被命中)并且我收到 SecurityTokenValidationException 并显示消息“LogonUser failed for the 'test' user。确保用户拥有有效的 Windows 帐户。”

4

0 回答 0