处理此问题的一种方法是创建三个对象。
- 消息检查器,负责分析请求/响应
- 服务行为,自动将检查器注入管道
- 配置部分,允许在 web.config 中使用行为
首先通过实现 IDispatchMessageInspector 并将验证代码放在 AfterReceiveRequest 方法中来创建消息检查器:
public class HmacVerificationInspector : IDispatchMessageInspector
{
#region IDispatchMessageInspector Members
public object AfterReceiveRequest(ref System.ServiceModel.Channels.Message request,
System.ServiceModel.IClientChannel channel, System.ServiceModel.InstanceContext instanceContext)
{
MessageBuffer buffer = request.CreateBufferedCopy(Int32.MaxValue);
request = buffer.CreateMessage();
Message dupeRequest = buffer.CreateMessage();
ValidateHmac(dupeRequest);
buffer.Close();
return null;
}
public void BeforeSendReply(ref System.ServiceModel.Channels.Message reply,
object correlationState)
{
}
#endregion
}
在阅读消息时创建消息的缓冲副本很重要。消息只能打开一次,不创建副本会导致管道出现问题。如果失败,我的 ValidateHmac 实现会引发异常。这可以防止调用实际的服务。
其次,为您的检查员创建一个行为。我们将使用该行为将检查器注入 WCF 运行时。要创建行为,请从 IEndpointBehavior 派生一个类,使其看起来像这样
public class HmacVerificationBehavior : IEndpointBehavior
{
#region IEndpointBehavior Members
public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
{
}
public void ApplyClientBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
{
}
public void ApplyDispatchBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
{
HmacVerificationInspector inspector = new HmacVerificationInspector();
endpointDispatcher.DispatchRuntime.MessageInspectors.Add(inspector);
}
public void Validate(ServiceEndpoint endpoint)
{
}
#endregion
}
请注意,我创建了我的检查器 ( HmacVerificationInspector) 的一个新实例,并以编程方式将其注入运行时。
最后,最后一步是创建配置部分。我们可以使用它来应用 Web 配置中的行为(从而能够通过配置打开和关闭它)。创建一个新类并从 BehaviorExtensionElement 和 IServiceBehavior 继承:
public class HmacVerificationConfigurationSection : BehaviorExtensionElement, IServiceBehavior
{
#region IServiceBehavior Members
public void AddBindingParameters(ServiceDescription serviceDescription,
System.ServiceModel.ServiceHostBase serviceHostBase,
System.Collections.ObjectModel.Collection<ServiceEndpoint> endpoints,
System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
{
}
public void ApplyDispatchBehavior(ServiceDescription serviceDescription, System.ServiceModel.ServiceHostBase serviceHostBase)
{
}
public void Validate(ServiceDescription serviceDescription, System.ServiceModel.ServiceHostBase serviceHostBase)
{
}
#endregion
public override Type BehaviorType
{
get { return typeof(HmacVerificationBehavior); }
}
protected override object CreateBehavior()
{
return new HmacVerificationBehavior();
}
}
现在,要使用检查器,请将以下内容添加到您的 web.config 中(您可以将扩展名设置为任何您想要的名称)
<system.serviceModel>
<extensions>
<behaviorExtensions>
<add name="hmacVerification" type="NamespaceHere.HmacVerificationConfigurationSection, AssembleyHere, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</behaviorExtensions>
</extensions>
<services>
<service name="MySecureService">
<endpoint address="" binding="webHttpBinding" contract="IMySecureService" behaviorConfiguration="web" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp automaticFormatSelectionEnabled="true" />
<hmacVerification />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
</system.serviceModel>
有几件事,首先你在行为扩展中注册配置部分。接下来,您将该配置用作端点行为,然后它将自动注入检查器,并且对该端点的所有请求都将通过您的检查器运行。如果要关闭检查器,请删除标签或选择不同的端点行为。还要注意 webHttp 行为的使用(这将允许您保持 automaticFormatSelectionEnabled。
希望这可以帮助