4

错误[a:InvalidSecurity] An error occurred when verifying security for the message.

我尝试像这样调用我的服务。

php

<?php
    $soapURL = "https://localhost:8888/wcf/?wsdl" ;
    $soapParameters = Array('userName' => "user23", 'password' => "pass123") ;

    $soapClient = new SoapClient($soapURL, $soapParameters);

    var_dump($soapClient->GetVersion());
?>

我之前在没有身份验证的情况下让它工作,所以我相信错误出在 php 代码或 WCF 上的 app.config 中。

这是我的app.config

<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <services>
      <service
        behaviorConfiguration="MYDLL.Behavior"
        name="MYDLL.WCFService">
        <endpoint
          address=""
          binding="basicHttpBinding"
          bindingConfiguration="UsernameAndSSL"
          name="basicHttpBinding"
          contract="MYDLL.IService"/>
        <endpoint
          address="mex"
          binding="mexHttpsBinding"
          bindingConfiguration=""
          name="MexBinding"
          contract="IMetadataExchange"/>
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost:8734/wcf/"/>
          </baseAddresses>
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MYDLL.Behavior">
          <serviceMetadata httpsGetEnabled="true"/>
            <serviceCredentials>
              <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MYDLL.CustomUserNameValidator, MYDLL"/>
              <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
            </serviceCredentials>
          <useRequestHeadersForMetadataAddress />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <basicHttpBinding>
        <binding name="UsernameAndSSL">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="Basic"/>
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
  </system.serviceModel>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/>
  </startup>
</configuration>

和自定义用户名验证器

public class CustomUserNameValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        Console.WriteLine("User validation succeeded (Username: {0}; Password: {1})", userName, password);
    }
}

我没有得到的是,如果故障出在我的 php 代码或配置中。consolewrite没有运行,我只是得到了invalidSecurity异常,所以它似乎知道我有一个它找不到的自定义用户名验证?

4

1 回答 1

4

我为同样的问题苦苦挣扎了几个星期,终于让 PHP 客户端使用我的 WCF 服务进行身份验证。这种配置是我目前在生产中使用的。

首先,您必须启用匿名身份验证和基本身份验证。您必须打开匿名,以便客户端在进行身份验证之前可以读取 WSDL。即使启用了匿名身份验证,他们也将无法在没有先经过身份验证的情况下使用您的服务。

将其放入您的 web.config 或直接在 IIS 中打开匿名和基本身份验证:

<security>
   <authentication>
      <anonymousAuthentication enabled="true" />
      <basicAuthentication enabled="true" />
   </authentication>
</security>

然后设置您的 WCF 安全性以使用基本身份验证和传输安全性:

<bindings>
  <basicHttpBinding>
    <binding name="SSLBinding">
      <security mode="Transport">
        <transport clientCredentialType="Basic" />
      </security>
    </binding>        
  </basicHttpBinding>
</bindings>

这是我的行为:

<behaviors>
  <serviceBehaviors>
    <behavior name="SSLBehavior">
      <serviceMetadata httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceSecurityAudit auditLogLocation="Application"
                            serviceAuthorizationAuditLevel="Failure"
                            messageAuthenticationAuditLevel="Failure"
                            suppressAuditFailure="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>

使用它来装饰你的方法来控制谁可以访问什么:

[PrincipalPermission(SecurityAction.Demand, Role = @"DOMAIN\ActiveDirectoryGroup")]

使用此设置,PHP 客户端应该能够获取 WSDL,然后在授权后调用您的方法:

$url = 'https://domain.com/service.svc?wsdl';

$username = 'username';
$password = 'password';

$options = array(
    'login' => $username,
    'password' => $password,
    'soap_version' => SOAP_1_1,
    'exceptions' => true,
    'trace' => 1,
    'cache_wsdl' => WSDL_CACHE_NONE,
    'compression' => SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP,
    'connection_timeout' => 60
);

$client = new SoapClient($url, $options);

$obj = new YourObject();

$obj->MyProperty = 'Test';
$obj->MyOtherProperty = 'Testing';

$result = $client->WCFMethodName(array('paramName' => $obj));

PHP 代码中的参数名称与 WCF 参数名称完全匹配(区分大小写)非常重要。

于 2013-02-23T11:31:25.367 回答