我正在寻找一些关于在使用如下 WCF 绑定进行消息交换期间实际用户名 + 密码(凭据)存储位置的技术细节。
<bindings>
<wsHttpBinding>
<binding name="wsHttp">
<security mode="TransportWithMessageCredential">
<transport/>
<message clientCredentialType="UserName"
negotiateServiceCredential="false"
establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
然后在客户端应用程序中,我调用此服务传递一组有效的凭据,如下所示
using (SupplierServiceClient client = new SupplierServiceClient()) {
client.ClientCredentials.UserName.UserName = "admin";
client.ClientCredentials.UserName.Password = "password";
SupplierList = client.GetSupplierCollection();
}
起初,我假设 WCF 正在获取这些数据并将其放入 SOAP 标头中,但从 WSDL 中看起来并不是这样……有什么帮助吗?
编辑:
以下是客户端的安全配置在生产中的样子
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" establishSecurityContext="false" />
</security>