1

我是 WCF 服务的新手。我想使用basichttpbinding创建一个 WCF 服务,以便在访问我的 WCF 服务之前创建一个自定义身份验证机制。我使用了 security mode = Transportclientcredentialtype = basic。我编写了一个自定义验证器函数来验证我的用户名和密码。

验证器功能

namespace CustomValidator

 {
  public class MyCustomValidator : UserNamePasswordValidator

   {
      public override void Validate(string userName, string password)
     {
         // This isn't secure, though!
        if ((userName != "check") || (password != "check"))
        {
            throw new SecurityTokenException("Validation Failed!");
        }
    }
  }
}

这是我的服务配置文件

  < ?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
    <compilation debug="true" targetFramework="4.0" />
    <identity impersonate="false" />
</system.web>
<system.serviceModel>
    <diagnostics>
        <endToEndTracing activityTracing="true" messageFlowTracing="true" propagateActivity="true"></endToEndTracing>
    </diagnostics>


    <bindings>
     <basicHttpBinding>
     <binding name="BasicHttpEndpointBinding">
       <security mode="Transport">
        <transport clientCredentialType="Basic" />
       <!--  <message clientCredentialType="UserName" />-->
       </security>
      </binding>
    </basicHttpBinding>
     </bindings>
    <services>
        <service behaviorConfiguration="ServiceBehavior" name="Service">
            <endpoint address="" binding="basicHttpBinding"    name="BasicHttpEndpoint" bindingConfiguration="BasicHttpEndpointBinding" contract="IService">
                <identity>
                    <dns value="localhost" />
                </identity>
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding"   contract="IMetadataExchange" />
        </service>
    </services>

    <behaviors>
        <serviceBehaviors>
            <behavior name="ServiceBehavior">
                <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                <serviceMetadata httpGetEnabled="false" />
                <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                <serviceDebug includeExceptionDetailInFaults="false" />
                <serviceCredentials>

                    <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="CustomValidator.MyCustomValidator, App_Code" />

                    </serviceCredentials>
                </behavior>
        </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <security>
        <authentication>
            <basicAuthentication enabled="true" />
            <anonymousAuthentication enabled="false" />
            <windowsAuthentication enabled="false" />

        </authentication>

    </security>
</system.webServer>
  </configuration>

所以这里的问题是,每当我运行我的服务时,如果我输入用户名和密码(我的验证器希望用户名和密码相同),我会得到一个登录对话框,我没有得到我的服务详细信息页面,它曾经来在正常情况下(没有身份验证机制)。我不知道我错过了什么,我确实觉得它的全部配置对我来说很重要,但我仍然无法找出错误。

4

1 回答 1

0

已创建并共享了一个用户名密码验证的演示项目。它工作正常。请检查

https://onedrive.live.com/redir?resid=3FE322C74D6AA4D1%21169

您可以使用内部提供的 SelfCert 创建名称为TrustedPeople的证书,存储位置LocalMachine

于 2014-03-13T13:01:00.667 回答