1

我正在使用 Message Security 进行 WCF 身份验证。还有我的 clientCredentialType="UserName"。

即使我在访问服务时没有提供有效的用户名和密码,它也可以正常工作。

它应该进行身份验证,如果凭据正确,则只有它应该允许访问。`在此处输入代码代码如下: WCF服务行为部分:

 <behaviors>
      <serviceBehaviors>
        <behavior name="AuthenticationBehaviour">
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WcfServiceAuthentication.Authenticator, WcfServiceAuthentication"/>            
          </serviceCredentials>
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>

Web.config 中的 WCF 服务绑定部分

  <bindings>
        <wsHttpBinding>
          <binding name="Binding1">
            <security mode="Message">
              <message clientCredentialType="UserName" />
            </security>
          </binding>
        </wsHttpBinding>
      </bindings>

我的认证类

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.IdentityModel.Selectors;
using System.ServiceModel;
using log4net;
using System.Reflection;
namespace WcfServiceAuthentication
{
    public class Authenticator : UserNamePasswordValidator
    {
        private static ILog _logger = log4net.LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
        public override void Validate(string userName, string password)
        {
            _logger.Info("Validate called with username:" + userName + " and password:" + password);

            if (null == userName || null == password)
            {
                throw new ArgumentNullException();
            }

            if (!(userName == "Admin" && password == "Admin123"))
            {
                // This throws an informative fault to the client.
                throw new FaultException("Unknown Username or Incorrect Password");
            }

            _logger.Info("End called");
        }
    }
}

我的身份验证服务

  [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession, ConcurrencyMode = ConcurrencyMode.Single)]
    public class AuthenticationService : IAuthenticationService
    {


        public int add(int num1, int num2)
        {
            return (num1 + num2);
        }
    }
}

和客户端应用程序:

 AuthenticationServiceClient proxy = new AuthenticationServiceClient();

            //proxy.ClientCredentials.UserName.UserName = "Admin";
            //proxy.ClientCredentials.UserName.Password = "Admin123";
            int addition= proxy.add(10, 10);
            return View();

在这里,即使我没有提供凭据, Add 方法也可以正常工作。它应该要求身份验证。

4

1 回答 1

0

通过添加以下标签来修改 Web 配置以启用身份验证服务。

<system.web.extensions>   <scripting>
<webServices>
  <authenticationService enabled="true" 
     requireSSL = "true"/>
</webServices>   </scripting> </system.web.extensions>

它应该被添加到 web 配置文件中。示例如下

<system.web.extensions>
  <scripting>
    <webServices>
      <authenticationService enabled="true" 
         requireSSL = "true"/>
    </webServices>
 </scripting>
 </system.web.extensions>
 <system.serviceModel>
   <services>
      <service name="System.Web.ApplicationServices.AuthenticationService"
         behaviorConfiguration="AuthenticationServiceTypeBehaviors">
           <endpoint contract=
         "System.Web.ApplicationServices.AuthenticationService"
          binding="basicHttpBinding"
          bindingConfiguration="userHttps" 
          bindingNamespace="http://asp.net/ApplicationServices/v200"/>
      </service>
   </services>
   <bindings>
    <basicHttpBinding>
        <binding name="userHttps">
            <security mode="Transport" />
        </binding>
    </basicHttpBinding>
   </bindings>
    <behaviors>
       <serviceBehaviors>
            <behavior name="AuthenticationServiceTypeBehaviors">
            <serviceMetadata httpGetEnabled="true"/>
    </behavior>
</serviceBehaviors>
   </behaviors>
    <serviceHostingEnvironment 
      aspNetCompatibilityEnabled="true"/>
     </system.serviceModel>
于 2013-04-29T05:30:21.197 回答