
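I'm a bit new to WCF services when it comes to using a username and password. I followed the tutorial at http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti in order to secure my web service with a username and password.

My config file is as follows: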

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

  <system.web>
    <compilation debug="false" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
  </system.web>

  <system.serviceModel>
    <services>
      <service behaviorConfiguration="NewBehavior0" name="TService">
        <endpoint address="mex" binding="mexHttpBinding" contract="ITechnology" />
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="NewBinding0">
          <security>
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="NewBehavior0">
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </clientCertificate>
            <serviceCertificate findValue="Server" storeLocation="CurrentUser"
          storeName="TrustedPeople" x509FindType="FindBySubjectName" />
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="TService, Services1"/>
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>

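Now I can view the WSDL in the browser, and I know the certificate is working locally as expected. When I connect to the service using the WCF test tool, it doesn't prompt me for a username and password.

As per the link I posted, I haven't even done the last step (adding code to pass the username and password), yet I can still connect to the service and retrieve all the data.

What am I missing, and how can I restrict the service so that only a username and password allow users/services to retrieve data?

Edit 1: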

  <system.serviceModel>
    <services>
      <service behaviorConfiguration="NewBehavior0" name="TechService">
        <endpoint address="mex" binding="mexHttpBinding" contract="ITechService" />
       <endpoint address="TechService.svc" binding="wsHttpBinding" bindingConfiguration="" contract="ITechService" />
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="NewBinding0">
          <security>
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="NewBehavior0">
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </clientCertificate>
            <serviceCertificate findValue="Server" storeLocation="CurrentUser"
              storeName="TrustedPeople" x509FindType="FindBySubjectName" />
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="TechService, Services1"/>
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>

1 Answer


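Based on a quick look at the linked CodeProject page, your config file seems to be a bit off (as it doesn't indicate that any endpoint is actually using the client credential type).

"NewBinding0" specifies clientCredentialType="Certificate", but the article indicates the value should be: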

<binding name="NewBinding0">
    <security mode="Message">
        <message clientCredentialType="UserName"/>
    </security>
</binding>

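Also, the service definition only defines a "mex" (metadata) endpoint. You most likely want to define a wsHttpBinding endpoint that uses the corrected binding specifying clientCredentialType="UserName".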

<endpoint address="" binding="wsHttpBinding" bindingConfiguration="NewBinding0"/>

Hope this helps.
Regards,

Answered 2013-10-15T10:53:55.677
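The two points raised in the answer can be checked mechanically. The following is an added example, not code from the question, the answer or the CodeProject article: a small Python audit that reports services exposing only a mex endpoint and wsHttpBinding endpoints that do not end up requiring UserName message credentials. Run against the question's "Edit 1" configuration it also flags bindingConfiguration="", which leaves "NewBinding0" unreferenced so the endpoint falls back to the wsHttpBinding defaults (Windows credentials). The function names and the trimmed sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the services and bindings from the question's "Edit 1", trimmed.
EDIT1 = """<configuration><system.serviceModel>
 <services><service behaviorConfiguration="NewBehavior0" name="TechService">
  <endpoint address="mex" binding="mexHttpBinding" contract="ITechService" />
  <endpoint address="TechService.svc" binding="wsHttpBinding" bindingConfiguration="" contract="ITechService" />
 </service></services>
 <bindings><wsHttpBinding><binding name="NewBinding0">
  <security><message clientCredentialType="UserName" /></security>
 </binding></wsHttpBinding></bindings>
</system.serviceModel></configuration>"""

def credential_type(binding):
    """Message credential a <binding> element demands (wsHttpBinding defaults assumed)."""
    sec = binding.find("security")
    mode = "Message" if sec is None else sec.get("mode", "Message")
    if mode not in ("Message", "TransportWithMessageCredential"):
        return f"unused (security mode {mode})"
    msg = None if sec is None else sec.find("message")
    return "Windows" if msg is None else msg.get("clientCredentialType", "Windows")

def audit(config_xml):
    """List endpoints that do not end up requiring UserName message credentials."""
    model = ET.fromstring(config_xml).find("system.serviceModel")
    # (binding type, configuration name) -> credential type
    cred = {(t.tag, b.get("name", "")): credential_type(b)
            for t in model.findall("bindings/*") for b in t.findall("binding")}
    findings = []
    for svc in model.findall("services/service"):
        eps = [e for e in svc.findall("endpoint")
               if not e.get("binding", "").startswith("mex")]
        if not eps:
            findings.append(f"{svc.get('name')}: only metadata (mex) endpoints defined")
        for ep in eps:
            key = (ep.get("binding"), ep.get("bindingConfiguration", ""))
            where = f"{svc.get('name')} endpoint '{ep.get('address')}'"
            if key in cred and cred[key] != "UserName":
                findings.append(f"{where}: credential type is {cred[key]}")
            elif key not in cred and key[1]:
                findings.append(f"{where}: binding '{key[1]}' is not defined")
            elif key not in cred:
                findings.append(f"{where}: no bindingConfiguration, named bindings not applied")
    return findings

if __name__ == "__main__":
    for finding in audit(EDIT1):
        print(finding)
```

An empty result means every non-metadata endpoint references a binding that asks for UserName credentials; it does not check that the custom validator type resolves or that the service name matches the implementation class.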