0

我正在尝试在我的 web 服务上设置身份验证,但是,在设置了继承自的验证类之后UserNamePasswordValidator,该服务仍然允许客户端在没有用户名或密码的情况下工作

网络服务

Imports System.IdentityModel.Selectors

Public Class Authentication
    Inherits UserNamePasswordValidator

        Public Overrides Sub Validate(ByVal userName As String, ByVal password As String)
            If Nothing = userName OrElse Nothing = password Then
                Throw New ArgumentNullException()
            End If

            If Not (userName = "1" AndAlso password = "2") Then
                ' This throws an informative fault to the client.
                Throw New FaultException("Unknown Username or Incorrect Password")
                ' When you do not want to throw an infomative fault to the client,
                ' throw the following exception.
                ' Throw New SecurityTokenException("Unknown Username or Incorrect Password")
            End If

        End Sub

    End Class

网页配置

<?xml version="1.0"?>
<configuration>

  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <system.serviceModel>

    <bindings>
      <basicHttpBinding>
        <binding name="Binding1">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <services>
      <service name="Webservice.Service1" behaviorConfiguration="ServiceBehavior">
              <endpoint binding="basicHttpBinding" contract="Webservice.IService1"
              behaviorConfiguration="webHttp"/>
      </service> 
    </services>

    <behaviors>
      <serviceBehaviors>

        <behavior name="ServiceBehavior">
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Webservice.Authentication, Webservice" />
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>


        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>

      <endpointBehaviors>
        <behavior name="webHttp">
          <webHttp/>
        </behavior>
      </endpointBehaviors>

    </behaviors>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

</configuration>

客户端

Dim client As Webservice.Service1Client = New Webservice.Service1Client()

'I was expecting this call to error as no username or password was produced

return client.getData(Data)

有什么我想念的吗?

谢谢

4

1 回答 1

0

您将需要更多配置才能使其正常工作。

但要得到你的错误,你需要实际使用你的bindingConfiguration.

因此,将您的端点配置更改为:

<services>
    <service name="Webservice.Service1" behaviorConfiguration="ServiceBehavior">
            <endpoint binding="basicHttpBinding" contract="Webservice.IService1"
            bindingConfiguration="Binding1"/>
    </service> 
</services>

然后您将开始收到错误,希望能指导您创建正确的配置。

于 2015-08-24T14:23:26.037 回答