在使用基于 WCF 构建的 API 时,确保您只需要进行一次身份验证的最佳方法是什么?
下面列出了我当前的绑定和行为
<bindings>
<wsHttpBinding>
<binding name="wsHttp">
<security mode="TransportWithMessageCredential">
<transport/>
<message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="true"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="NorthwindBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceAuthorization principalPermissionMode="UseAspNetRoles"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
接下来是我在客户端应用程序中用来进行身份验证的内容(目前我每次想调用 WCF 时都必须这样做)
Dim client As ProductServiceClient = New ProductServiceClient("wsHttpProductService")
client.ClientCredentials.UserName.UserName = "foo"
client.ClientCredentials.UserName.Password = "bar"
Dim ProductList As List(Of Product) = client.GetProducts()
我想做的是使用这些凭据对 API 进行身份验证,然后在我的客户端应用程序使用 Web 服务项目的时间段内获取某种类型的令牌。我认为establishsecuritycontext=true 是为我做的吗?