我有 WCF Web 服务(.Net 4.5 RTM)。
我想提供自定义的 IPrincipal 和 IIdentity 实现,所以我决定提供自定义的 ServiceAuthenticationManager。
奇怪的是 ServiceAuthenticationManager 被实例化了,但没有调用 Authenticate 方法。
所以,当我有这样的服务器配置时
<system.serviceModel>
<protocolMapping>
<add scheme="https" binding="basicHttpBinding" />
</protocolMapping>
<behaviors>
<serviceBehaviors>
<behavior name="EntityServiceBehavior">
<serviceAuthenticationManager
authenticationSchemes="None"
serviceAuthenticationManagerType="Belrost.Communication.EntityServiceAuthenticationManager, Belrost.Communication" />
<serviceAuthorization
impersonateCallerForAllOperations="false"
principalPermissionMode="Custom"
serviceAuthorizationManagerType="Belrost.Communication.EntityServiceAuthorizationManager, Belrost.Communication" />
<serviceCredentials>
<serviceCertificate
findValue="test.local"
x509FindType="FindBySubjectName"
storeLocation="LocalMachine"
storeName="My" />
</serviceCredentials>
<serviceDebug
includeExceptionDetailInFaults="true"
httpsHelpPageEnabled="true"
httpsHelpPageUrl="https://test.local/service/belrost-help" />
<serviceMetadata
httpsGetEnabled="true"
httpsGetUrl="https://test.local/service/belrost-meta" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="EntityServiceBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service
name="Belrost.Server.EntityService"
behaviorConfiguration="EntityServiceBehavior">
<endpoint
address="https://test.local/service/belrost"
binding="basicHttpBinding"
bindingConfiguration="EntityServiceBinding"
bindingNamespace="http://schemas.triflesoft.org/"
contract="Belrost.Communication.IEntityContract" />
</service>
</services>
</system.serviceModel>
Authenticate 方法被调用,但由于 clientCredentialType="None" 没有提供授权信息。
当我在任何地方将 None 更改为 Basic 时,不再调用 Authenticate 方法(但是在 EntityServiceAuthenticationManager 构造函数中的断点被命中)并且我收到 SecurityTokenValidationException 并显示消息“LogonUser failed for the 'test' user。确保用户拥有有效的 Windows 帐户。”