使用basicHttpBinding和自定义UserNamePasswordValidator进行WCF身份验证?

时间:2012-11-05 05:56:16

标签: c# wcf wcf-security basichttpbinding

这里我在WCF RESTfull服务中实现自定义usernamepasswordvalidator。我需要的是在通过Chrome REST客户端调用此http://localhost:12229/RestServiceImpl.svc/GetStudentObj时,它不验证用户名密码..直接调用此方法并获取结果。我在这做错了什么?

我的界面

 [ServiceContract]
    public interface IRestServiceImpl
    {
        [OperationContract]
        [WebInvoke(Method = "GET", UriTemplate = "/GetStudentObj", RequestFormat = WebMessageFormat.Json,
           ResponseFormat = WebMessageFormat.Json)]
        Student GetStudent();
    }

SVC

public class RestServiceImpl : IRestServiceImpl
    {
        public Student GetStudent()
        {
                Student stdObj = new Student
                {
                    StudentName = "Foo",
                    Age = 29,
                    Mark = 95
                };
                return stdObj;

        }

        public class CustomUserNameValidator : UserNamePasswordValidator
        {
           public override void Validate(string userName, string password)
            {

                if (null == userName || null == password)
                {
                    throw new ArgumentNullException("You must provide both the username and password to access this service");
                }

                if (!(userName == "user1" && password == "test") && !(userName == "user2" && password == "test"))
                {

                     throw new SecurityTokenException("Unknown Username or Incorrect Password");
                }
            }
        }

    }

和Web.Config

 <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding name="webHttpTransportSecurity">
          <security mode="Transport">
            <transport clientCredentialType="Basic"></transport>
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
    <protocolMapping>
      <add scheme="http" binding="webHttpBinding"/>
    </protocolMapping>
    <services>
      <service name="RestService.RestServiceImpl" >
        <endpoint address="" binding="webHttpBinding" contract="RestService.IRestServiceImpl"></endpoint>
      </service>
    </services>
    <behaviors>
      <endpointBehaviors>
        <behavior>
          <webHttp />
        </behavior >
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="SecureRESTSvcTestBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="RESTfulSecuritySH.CustomUserNameValidator, RESTfulSecuritySH" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>

有什么建议吗?

1 个答案:

答案 0 :(得分:0)

您似乎没有为服务设置自定义行为。

您需要使用behaviorConfiguration属性告诉服务 SecureRESTSvcTestBehavior 行为:

<service name="RestService.RestServiceImpl" behaviorConfiguration="SecureRESTSvcTestBehavior">
    <endpoint address="" binding="webHttpBinding" contract="RestService.IRestServiceImpl"></endpoint>
</service>