0

I am trying (desperately) to get a customer authentication provider working for my WCF service. So far I have the following code;

web.config

      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom"  customUserNamePasswordValidatorType="MyNamespace.CustomUserNameValidator, MyNamespace" />
      </serviceCredentials>

     <wsHttpBinding>
    <binding name="wsHttpBindingConfig" >
      <security mode="Message">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>

      <serviceBehaviors>
    <behavior>
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>

Custom authenticator class;

public class CustomUserNameValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        // have security details been provided?
        if (null == userName || null == password)
        {
            throw new ArgumentNullException();
        }

        // authenticate user
        if (!(userName == "test" && password == "test"))
        {
            // This throws an informative fault to the client.
            throw new FaultException("SecurityFailed");
        }
    }
}

Everything compiles ok, but when I use the WCF test client from visual studio to call a method called Ping (below), the custom authenticator never gets used. The Ping method just executes and any breakpoint I have in my CustomUserNameValidator class.

Why would this be? All help appreciated.

4

3 回答 3

1

在你拥有的那一行

customUserNamePasswordValidatorType="MyNamespace.CustomUserNameValidator, MyNamespace"

类型的第二部分(您当前有“MyNamespace”)应该是包含该类型的程序集的名称,没有任何文件扩展名。

请参阅此问题以获取更多帮助。

于 2010-11-09T14:43:19.443 回答
0

我已经获取了您提供的所有信息并创建了一个模板 web.config。我会设想它看起来像这样。

<system.serviceModel>
   <services>
     <service name="<YourNameSpace>.<ServiceName>" <behaviorConfiguration="<YourNameSpace>.<BehaviorName>">
      <endpoint
        address=""
        binding="wsHttpBinding"
        bindingConfiguration="wsHttpBindingConfig"
        contract="<YourNameSpace>.<ServiceInterface>"
      />
         <!--Notice the binding is mexHttpsBinding, default is http-->
      <endpoint 
        address="mex" 
        binding="mexHttpsBinding" 
        contract="IMetadataExchange" 
      />
     </service>
   </services>
<behaviors>
   <serviceBehaviors>
       <behavior name="<YourNameSpace>.<BehaviorName>">
          <!--Notice the httpsGetEnabled, default is http-->
      <serviceMetadata httpsGetEnabled="true"/>
           <serviceDebug includeExceptionDetailInFaults="false"/>
           <serviceCredentials>
              <userNameAuthentication
                 userNamePasswordValidationMode="Custom"                 
                 customUserNamePasswordValidatorType="<YourNameSpace>.CustomUserNameValidator, <YourNameSpace>"
              />
           </serviceCredentials>
       </behavior>
   </serviceBehaviors>
</behaviors>
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpBindingConfig">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  <wsHttpBinding>
</bindings>

于 2010-11-10T14:49:14.350 回答
0

几点建议。

  1. WCFTestClient 不是最好的应用程序。最好使用 SOAPUI(可在 www.soapUI.org 下载)之类的工具。WCFTestClient 不会导入所有配置设置,也不是最好的测试方法。

  2. 当我使用 CustomAuthentication 时,我将绑定设置如下:

    <wsHttpBinding>  
    <binding name="wsHttpBindingConfig" >  
       <security mode="TransportWithMessageCredentials">  
         <message clientCredentialType="UserName" />  
       </security>  
    </binding>  
</wsHttpBinding>

我假设您会喜欢某种形式的安全性。在您的机器上使用自签名 SSL 证书进行测试非常容易。这里有更多关于如何做到这一点的信息。

于 2010-11-09T02:55:42.180 回答