WCF REST服务是否支持基本身份验证和Windows身份验证?

时间:2014-05-14 01:30:31

标签: wcf authentication windows-authentication

我有一个自托管的REST WCF Windows服务。我已经为该服务提供了基本身份验证,但我也希望为支持它的客户端支持Windows身份验证。我是否必须在不同的端口上有一个单独的端点?

更新:我已经接近在WCF 4.0中工作了。这是代码,我现在遇到的问题是我似乎只能让NTLM正常工作,这需要用户输入他们的凭据,这会使使用Windows Auth的任何好处无效。

我仍然不确定如何让Windows身份验证正常工作,而无需用户再次输入密码。

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Web;
using System.IdentityModel.Selectors;

namespace BasicAndNegotiateAuth
{
    class Program
    {
        static void Main(string[] args)
        {
            Uri newUri = new Uri(new Uri("http://localhost/"), "/");
            WebServiceHost webHost = new WebServiceHost(typeof(HelloWorldService), newUri);

            // TransportCredentialOnly means we can use http
            WebHttpBinding binding = new WebHttpBinding(WebHttpSecurityMode.Transport);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic | HttpClientCredentialType.Ntlm;

            ServiceEndpoint ep = webHost.AddServiceEndpoint(typeof(IHelloWorld), binding, newUri);

            WebHttpBehavior wb = new WebHttpBehavior();                
            ep.EndpointBehaviors.Add(wb);
            ep.Behaviors.Add(new WebHttpCors.CorsSupportBehavior());

            //ServiceAuthenticationBehavior sab = null;
            //sab = webHost.Description.Behaviors.Find<ServiceAuthenticationBehavior>();
            //if (sab == null)
            //{
            //    sab = new ServiceAuthenticationBehavior();
            //    sab.AuthenticationSchemes = AuthenticationSchemes.Basic | AuthenticationSchemes.IntegratedWindowsAuthentication;
            //    host.Description.Behaviors.Add(sab);
            //}
            webHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = System.ServiceModel.Security.UserNamePasswordValidationMode.Custom;
            webHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new CustomUserNameValidator();

            webHost.Open();
            Console.ReadLine();
        }
    }

    public class CustomUserNameValidator: UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            int i = 1;
        }
    }

    [ServiceContract]
    public interface IHelloWorld
    {
        [System.ServiceModel.OperationContract]
        [System.ServiceModel.Web.WebGet(
            UriTemplate = "/",
            ResponseFormat = WebMessageFormat.Json)]
        string GetHello();
    }

    public class HelloWorldService : IHelloWorld
    {
        public string GetHello()
        {
            ServiceSecurityContext ssc = ServiceSecurityContext.Current;
            return "Hello World";
        }
    }
}

1 个答案:

答案 0 :(得分:2)

在.NET 4.5中,您可以在WCF中的单个端点上支持多种身份验证方案。

以下是如何在自助托管服务的代码中执行此操作的示例:

ServiceAuthenticationBehavior sab = null;
sab = serviceHost.Description.Behaviors.Find<ServiceAuthenticationBehavior>();
if (sab == null)
{
    sab = new ServiceAuthenticationBehavior();
    sab.AuthenticationSchemes = AuthenticationSchemes.Basic | 
           AuthenticationSchemes.Negotiate | AuthenticationSchemes.Digest;
    serviceHost.Description.Behaviors.Add(sab);
}
else
{
     sab.AuthenticationSchemes = AuthenticationSchemes.Basic | 
           AuthenticationSchemes.Negotiate | AuthenticationSchemes.Digest;
}

或者,您可以在配置文件中进行设置,如下所示:

<behaviors>
    <serviceBehaviors>
      <behavior name="limitedAuthBehavior">
        <serviceAuthenticationManager authenticationSchemes=
                                             "Negotiate, Digest, Basic"/>
        <!-- ... -->
      </behavior>
   </serviceBehaviors>
</behaviors>

然后在绑定设置中指定InheritedFromHost,如下所示:

<bindings>
   <basicHttpBinding>
      <binding name="secureBinding">
        <security mode="Transport">
          <transport clientCredentialType="InheritedFromHost" />
        </security>
      </binding>
   </basicHttpBinding>
</bindings>

在MSDN上查看此文章:Using Multiple Authentication Schemes with WCF