用户名安全性无效的WCF服务

时间:2014-04-25 18:12:44

标签: c# web-services wcf soap ws-security

之前我创建了几个wcf服务但从未实现过安全性。现在我正在尝试为我的wcf服务实现用户名安全性。经过一些研究,使用wsHttpBinding在服务上实现了安全性。但是,当我尝试使用SOAPUI工具测试服务时,我收到一些奇怪的消息,并且找不到什么错误。请帮我在这里找错。

这是我的验证课程。

namespace WDARProductsService
{
    public class MyAuthentication : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            if (string.IsNullOrWhiteSpace(userName))
                throw new SecurityTokenException("userName required");

            if (string.IsNullOrWhiteSpace(password))
                throw new SecurityTokenException("password required");

            if (userName.ToLower() != "someusername" && password != "somepassword")
                throw new FaultException("userName and/or password is invalid.");
        }
    }
}

这是我的wcf配置。

 <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="svcbhvr1">
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WDARProductsService.MyAuthentication, WDARProductsService"/>
            <serviceCertificate findValue="WDARProdService"
                          storeLocation="LocalMachine"
                          storeName="Root"
                          x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="wshbinding">
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="WDARProductsService.ProductService" behaviorConfiguration="svcbhvr1">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wshbinding" contract="WDARProductsService.IProductService" ></endpoint>
      </service>
    </services>

    <serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>

这是我从SOAPUI发送的SOAP消息。

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:tem="http://tempuri.org/">
  <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-38DE8B83BF5FAA37EE13984444482027">
        <wsse:Username>someusername</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">somepassword</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">vkis9SvbH3lnvdNWR/L5nA==</wsse:Nonce>
        <wsu:Created>2014-04-25T16:47:28.202Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <tem:GetProducts>
    </tem:GetProducts>
  </soap:Body>
</soap:Envelope>

以下是服务器的响应。

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
   <s:Header>
      <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
   </s:Header>
   <s:Body>
      <s:Fault>
         <s:Code>
            <s:Value>s:Sender</s:Value>
            <s:Subcode>
               <s:Value xmlns:a="http://schemas.xmlsoap.org/ws/2005/02/sc">a:BadContextToken</s:Value>
            </s:Subcode>
         </s:Code>
         <s:Reason>
            <s:Text xml:lang="en-US">The message could not be processed. This is most likely because the action 'http://tempuri.org/IProductService/GetProducts' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.</s:Text>
         </s:Reason>
      </s:Fault>
   </s:Body>
</s:Envelope>

有人可以帮我找一下这个问题。谢谢大家。

1 个答案:

答案 0 :(得分:0)

默认情况下,将Security设置为Message的WsHttpBinding将启用安全上下文: 请参阅:http://msdn.microsoft.com/en-us/library/system.servicemodel.wshttpsecurity.message.aspx

因此,在您发送包含用户名令牌的邮件之前。您需要建立安全对话。我不知道它是否在SoapUI中得到支持,但在那里你可以找到一些提示: WCF wsHttpBinding in SoapUI

如果您不想使用安全对话,请将establishSecurityContext设置为false。如果您计划在生产中使用它,请考虑使用TransportWithMessageCredential使用SSL加密消息。

相关问题
最新问题