0

在这里,我在 WCF RESTfull 服务中实现自定义 usernamepasswordvalidator。我需要的是在http://localhost:12229/RestServiceImpl.svc/GetStudentObj通过 Chrome REST 客户端调用这个时,它没有验证用户名密码。它直接调用这个方法并获取结果。我在这里做错了什么?

我的界面

 [ServiceContract]
    public interface IRestServiceImpl
    {
        [OperationContract]
        [WebInvoke(Method = "GET", UriTemplate = "/GetStudentObj", RequestFormat = WebMessageFormat.Json,
           ResponseFormat = WebMessageFormat.Json)]
        Student GetStudent();
    }

SVC

public class RestServiceImpl : IRestServiceImpl
    {
        public Student GetStudent()
        {
                Student stdObj = new Student
                {
                    StudentName = "Foo",
                    Age = 29,
                    Mark = 95
                };
                return stdObj;

        }

        public class CustomUserNameValidator : UserNamePasswordValidator
        {
           public override void Validate(string userName, string password)
            {

                if (null == userName || null == password)
                {
                    throw new ArgumentNullException("You must provide both the username and password to access this service");
                }

                if (!(userName == "user1" && password == "test") && !(userName == "user2" && password == "test"))
                {

                     throw new SecurityTokenException("Unknown Username or Incorrect Password");
                }
            }
        }

    }

和 Web.Config

 <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding name="webHttpTransportSecurity">
          <security mode="Transport">
            <transport clientCredentialType="Basic"></transport>
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
    <protocolMapping>
      <add scheme="http" binding="webHttpBinding"/>
    </protocolMapping>
    <services>
      <service name="RestService.RestServiceImpl" >
        <endpoint address="" binding="webHttpBinding" contract="RestService.IRestServiceImpl"></endpoint>
      </service>
    </services>
    <behaviors>
      <endpointBehaviors>
        <behavior>
          <webHttp />
        </behavior >
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="SecureRESTSvcTestBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="RESTfulSecuritySH.CustomUserNameValidator, RESTfulSecuritySH" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>

有什么建议吗??

4

1 回答 1

0

您似乎没有为您的服务设置自定义行为。

您需要使用 behaviorConfiguration 属性告诉服务您的SecureRESTSvcTestBehavior行为:

<service name="RestService.RestServiceImpl" behaviorConfiguration="SecureRESTSvcTestBehavior">
    <endpoint address="" binding="webHttpBinding" contract="RestService.IRestServiceImpl"></endpoint>
</service>
于 2013-01-31T21:37:02.723 回答