我在IIS中托管了WCF服务。与服务通信的客户必须拥有我们公司的客户证书。该服务使用证书来标识客户端并处理访问。
现在,我还希望客户端使用用户名和密码进行身份验证,以及使用双因素身份验证的额外安全层。用户凭证将与证书一起使用,以识别客户端以处理访问。
我希望我唯一需要做的就是从客户端发送用户凭据,但我不知道如何在服务中获取这些凭据。
仅使用证书的工作代码:
var x509ClaimSet = OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets.FirstOrDefault() as X509CertificateClaimSet;
if (x509ClaimSet == null || x509ClaimSet.X509Certificate == null)
throw AccessDeniedException();
// throws AccessDeniedException if no client can be found
var clientId = GetClientId(x509ClaimSet.X509Certificate);
现在我正在尝试使用以下方式从客户端发送用户凭据:
var client = new ServiceClient();
client.ClientCredentials.UserName.UserName = "Foo";
client.ClientCredentials.UserName.Password = "Bar";
如何在服务中获取此用户名和密码?
当前的服务配置是:
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="DefaultBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="ChainTrust" />
</clientCertificate>
<serviceCertificate findValue="64343ee2c8338518e78ba698f3936dc92c90db57" x509FindType="FindByThumbprint" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="DefaultBinding" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="Certificate" />
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="Service" behaviorConfiguration="DefaultBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="DefaultBinding" contract="IService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
</configuration>