我有一个自托管的REST WCF Windows服务。我已经为该服务提供了基本身份验证,但我也希望为支持它的客户端支持Windows身份验证。我是否必须在不同的端口上有一个单独的端点?
更新:我已经接近在WCF 4.0中工作了。这是代码,我现在遇到的问题是我似乎只能让NTLM正常工作,这需要用户输入他们的凭据,这会使使用Windows Auth的任何好处无效。
我仍然不确定如何让Windows身份验证正常工作,而无需用户再次输入密码。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Web;
using System.IdentityModel.Selectors;
namespace BasicAndNegotiateAuth
{
class Program
{
static void Main(string[] args)
{
Uri newUri = new Uri(new Uri("http://localhost/"), "/");
WebServiceHost webHost = new WebServiceHost(typeof(HelloWorldService), newUri);
// TransportCredentialOnly means we can use http
WebHttpBinding binding = new WebHttpBinding(WebHttpSecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic | HttpClientCredentialType.Ntlm;
ServiceEndpoint ep = webHost.AddServiceEndpoint(typeof(IHelloWorld), binding, newUri);
WebHttpBehavior wb = new WebHttpBehavior();
ep.EndpointBehaviors.Add(wb);
ep.Behaviors.Add(new WebHttpCors.CorsSupportBehavior());
//ServiceAuthenticationBehavior sab = null;
//sab = webHost.Description.Behaviors.Find<ServiceAuthenticationBehavior>();
//if (sab == null)
//{
// sab = new ServiceAuthenticationBehavior();
// sab.AuthenticationSchemes = AuthenticationSchemes.Basic | AuthenticationSchemes.IntegratedWindowsAuthentication;
// host.Description.Behaviors.Add(sab);
//}
webHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = System.ServiceModel.Security.UserNamePasswordValidationMode.Custom;
webHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new CustomUserNameValidator();
webHost.Open();
Console.ReadLine();
}
}
public class CustomUserNameValidator: UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
int i = 1;
}
}
[ServiceContract]
public interface IHelloWorld
{
[System.ServiceModel.OperationContract]
[System.ServiceModel.Web.WebGet(
UriTemplate = "/",
ResponseFormat = WebMessageFormat.Json)]
string GetHello();
}
public class HelloWorldService : IHelloWorld
{
public string GetHello()
{
ServiceSecurityContext ssc = ServiceSecurityContext.Current;
return "Hello World";
}
}
}
答案 0 :(得分:2)
在.NET 4.5中,您可以在WCF中的单个端点上支持多种身份验证方案。
以下是如何在自助托管服务的代码中执行此操作的示例:
ServiceAuthenticationBehavior sab = null;
sab = serviceHost.Description.Behaviors.Find<ServiceAuthenticationBehavior>();
if (sab == null)
{
sab = new ServiceAuthenticationBehavior();
sab.AuthenticationSchemes = AuthenticationSchemes.Basic |
AuthenticationSchemes.Negotiate | AuthenticationSchemes.Digest;
serviceHost.Description.Behaviors.Add(sab);
}
else
{
sab.AuthenticationSchemes = AuthenticationSchemes.Basic |
AuthenticationSchemes.Negotiate | AuthenticationSchemes.Digest;
}
或者,您可以在配置文件中进行设置,如下所示:
<behaviors>
<serviceBehaviors>
<behavior name="limitedAuthBehavior">
<serviceAuthenticationManager authenticationSchemes=
"Negotiate, Digest, Basic"/>
<!-- ... -->
</behavior>
</serviceBehaviors>
</behaviors>
然后在绑定设置中指定InheritedFromHost
,如下所示:
<bindings>
<basicHttpBinding>
<binding name="secureBinding">
<security mode="Transport">
<transport clientCredentialType="InheritedFromHost" />
</security>
</binding>
</basicHttpBinding>
</bindings>
在MSDN上查看此文章:Using Multiple Authentication Schemes with WCF。