我一直在尝试使用WCF创建一个相对简单的自托管RESTful服务,但我想添加自定义身份验证。为此,我尝试重写UserNamePasswordValidator。不幸的是,虽然这被称为验证用户名/密码组合,但如果用户名/密码没有通过,服务器将返回403 Forbidden,而不是401 Unauthorized,正如我所期望的那样。这将导致一个大问题,因为如果用户第一次无法进行身份验证,除非他们重新启动浏览器,否则不会再次提示他们输入凭据。那么,我做错了什么?
这是我到目前为止所做的:
(实际的ServiceContract包含一个返回字符串的方法)
class Program
{
static void Main(string[] args)
{
WebServiceHost host = null;
try
{
host = new WebServiceHost(typeof (MyService));
const string uri = "http://127.0.0.1/MyService";
var wb = new WebHttpBinding
{
Security =
{
Mode = WebHttpSecurityMode.TransportCredentialOnly,
Transport = {ClientCredentialType = HttpClientCredentialType.Basic}
}
};
var ep = host.AddServiceEndpoint(typeof (IMyService), wb, uri);
host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new PasswordValidator();
host.Open();
Console.WriteLine("Press any key to terminate");
Console.ReadKey();
}
finally
{
if (host != null) host.Close();
}
}
}
public class PasswordValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
throw new ArgumentNullException();
if (userName == "Test" && password == "Password") return;
throw new WebFaultException(HttpStatusCode.Unauthorized);
}
}
我已经注意到了other, similar question,但是那里发布的答案都没有。我希望一个更完整定义的问题版本会引起更好的回应。
答案 0 :(得分:7)
试试这个:
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
throw new ArgumentNullException();
if (userName == "Test" || password == "Password") return;
WebFaultException rejectEx = new WebFaultException(HttpStatusCode.Unauthorized);
rejectEx.Data.Add("HttpStatusCode", rejectEx.StatusCode);
throw rejectEx;
}
据我所知,这是一种未记录的技术,它依赖于WCF堆栈如何在内部管理异常。应该有一个记录的方式,但我没有找到一个。