所以在这个阶段试图让这个工作之后,我现在正在向你提出这个问题。
是的,我经历了一堆类似于我的堆栈溢出问题,但无济于事。
我想要做的就是通过SSL添加基本身份验证。从我翻阅的数以万计的44,000和7个教程中,这似乎是一个简单的任务。
我得到的是一个弹出的对话框,询问我是否输入了用户名和密码,但即使我传递了正确的凭据,它也会一次又一次地弹出。
我也玩过iis express中的配置设置。如果我禁用基本身份验证,我会收到一个错误,抱怨它没有打开。
我知道我是金发碧眼的,但在我在屏幕上放一个洞之前,这是我的web.config
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<!--DIAGNOSTICS-->
<system.diagnostics>
<trace autoflush="true"/>
<sources>
<source name="System.ServiceModel"
switchValue="Information, ActivityTracing"
propagateActivity="true">
<listeners>
<add name="ServiceModel"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="C:\ServiceModel.svclog" />
</listeners>
</source>
<source name="System.ServiceModel.MessageLogging">
<listeners>
<add name="MessageLogging"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="C:\MessageLogging.svclog" />
</listeners>
</source>
</sources>
</system.diagnostics>
<system.serviceModel>
<diagnostics>
<messageLogging logEntireMessage="True"
logMalformedMessages="False"
logMessagesAtServiceLevel="True"
logMessagesAtTransportLevel="False"
maxMessagesToLog="10000"
maxSizeOfMessageToLog="10000" />
</diagnostics>
<bindings>
<webHttpBinding>
<binding name="SSSLayer">
<security mode="Transport">
<transport clientCredentialType="Basic"></transport>
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="serviceBehaviour" name="Booky.Machine_SVC">
<endpoint address=""
behaviorConfiguration="RESTBehaviour"
binding="webHttpBinding"
bindingConfiguration="SSSLayer"
contract="Booky.IMachine_SVC" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="RESTBehaviour">
<webHttp/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="serviceBehaviour">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<!--<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Booky.Authentication, Booky" />
</serviceCredentials>-->
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
namespace Booky
{
public class Authentication : System.IdentityModel.Selectors.UserNamePasswordValidator
{
public override void Validate(string UserName, string Password)
{
if (UserName == null || Password == null)
{
throw new ArgumentNullException("Username or Password is Incorrect");
}
if (!(UserName == "wickd" && Password == "OMIG2015"))
{
throw new Exception("Invalid Credentials");
}
}
}
}
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession, ConcurrencyMode = ConcurrencyMode.Multiple, IncludeExceptionDetailInFaults=true)]
public class Machine_SVC : IMachine_SVC
{
/// <summary>
/// Retrieves a serial number
/// </summary>
/// <param name="serial"></param>
/// <returns></returns>
Machine IMachine_SVC.GetMachine(string serial)
{
var res = Machine.GetMachine(serial);
if (CheckContent(res))
return res;
else
return null;
}
/// <summary>
/// Creates a new machine object
/// </summary>
/// <param name="machine"></param>
void IMachine_SVC.CreateMachine(Machine machine)
{
if (!Machine.CreateMachine(machine))
{
WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.PreconditionFailed;
WebOperationContext.Current.OutgoingResponse.StatusDescription = "A serial and status needs to be specified for the machine to be created";
}
}
/// <summary>
/// This will update the machine information
/// </summary>
/// <param name="machine"></param>
/// <param name="serial"></param>
void IMachine_SVC.UpdateMachineInfo(Machine machine, string serial)
{
var result = Machine.UpdateMachineInfo(machine, serial);
CheckUpdateCreateResult(result);
}
private bool CheckContent(object result, HttpStatusCode code = HttpStatusCode.NotFound)
{
if (result != null)
{
return true;
}
else
{
WebOperationContext.Current.OutgoingResponse.StatusCode = code;
return false;
}
}
private void CheckUpdateCreateResult(ReturnCodes result)
{
if (result == ReturnCodes.DATASETINCOMPLETE)
{
WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.PreconditionFailed;
WebOperationContext.Current.OutgoingResponse.StatusDescription = "Not all the required attributes were provided. You need a serial, bitlocked, model and type attribute";
}
if (result == ReturnCodes.INVALIDDATA)
{
WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.PreconditionFailed;
WebOperationContext.Current.OutgoingResponse.StatusDescription = "The serial provided in the url is not the same as in the json object";
}
if (result == ReturnCodes.NOTEXIST)
{
WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.NotFound;
WebOperationContext.Current.OutgoingResponse.StatusDescription = "The serial you have provided does not exist yet! You need to create it first!";
}
}
/// <summary>
/// Retrieves a list of owners of the machine with the owners organized from last login first
/// </summary>
/// <param name="serial"></param>
/// <returns></returns>
List<MachineOwner> IMachine_SVC.GetMachineOwners(string serial)
{
var owners = MachineOwners.GetOwners(serial);
if (CheckContent(owners))
return owners;
else
return null;
}
/// <summary>
/// Adds a new Machine owner. Only adds the serial, nothing else
/// </summary>
/// <param name="owner"></param>
/// <param name="serial"></param>
void IMachine_SVC.AddMachineOwner(MachineOwner owner, string serial)
{
var result = MachineOwners.AddOwner(owner, serial);
CheckUpdateCreateResult(result);
}
/// <summary>
/// Retrieves the statuses for a particular machine
/// </summary>
/// <param name="serial"></param>
/// <returns></returns>
List<MachineStatus> IMachine_SVC.GetMachineStatuses(string serial)
{
var statuses = MachineStatus.GetStatusList(serial);
if (CheckContent(statuses))
return statuses;
else
return null;
}
/// <summary>
/// This will update a machine status.
/// - Checks that the operation is valid compared to last machine login
/// - Checks that status is indeed valid
/// </summary>
/// <param name="serial"></param>
/// <param name="status"></param>
void IMachine_SVC.UpdateMachineStatus(string serial, MachineStatus status)
{
var result = MachineStatus.UpdateStatus(serial, status);
CheckUpdateCreateResult(result);
}
/// <summary>
/// Retrieves a list of all machines ever registered on the network
/// </summary>
/// <returns></returns>
List<Machine> IMachine_SVC.GetAllMachines()
{
var machines = Machines.GetAllMachines();
if (CheckContent(machines))
return machines;
else
return null;
}
/// <summary>
///
/// </summary>
/// <param name="search"></param>
void IMachine_SVC.CreateMachineSearch(MachineSearch search)
{
throw new NotImplementedException();
}
}
[ServiceContract]
public interface IMachine_SVC
{
[OperationContract]
[WebInvoke(Method="GET",
RequestFormat=WebMessageFormat.Json,
BodyStyle=WebMessageBodyStyle.Bare,
ResponseFormat=WebMessageFormat.Json,
UriTemplate="/machine/{serial}")]
Machine GetMachine(string serial);
[OperationContract]
[WebInvoke(Method = "PUT",
RequestFormat = WebMessageFormat.Json,
BodyStyle = WebMessageBodyStyle.Bare,
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "/machine/{serial}")]
void UpdateMachineInfo(Machine machine, string serial);
[OperationContract]
[WebInvoke(Method = "POST",
RequestFormat = WebMessageFormat.Json,
BodyStyle = WebMessageBodyStyle.Bare,
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "/machine")]
void CreateMachine(Machine machine);
[OperationContract]
[WebInvoke(Method = "GET",
RequestFormat = WebMessageFormat.Json,
BodyStyle = WebMessageBodyStyle.Bare,
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "/machine/{serial}/owners")]
List<MachineOwner> GetMachineOwners(string serial);
[OperationContract]
[WebInvoke(Method = "POST",
RequestFormat = WebMessageFormat.Json,
BodyStyle = WebMessageBodyStyle.Bare,
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "/machine/{serial}/owner")]
void AddMachineOwner(MachineOwner owner, string serial);
[OperationContract]
[WebInvoke(Method = "GET",
RequestFormat = WebMessageFormat.Json,
BodyStyle = WebMessageBodyStyle.Bare,
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "/machine/{serial}/statuses")]
List<MachineStatus> GetMachineStatuses(string serial);
[OperationContract]
[WebInvoke(Method = "PUT",
RequestFormat = WebMessageFormat.Json,
BodyStyle = WebMessageBodyStyle.Bare,
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "/machine/{serial}/status")]
void UpdateMachineStatus(string serial, MachineStatus status);
[OperationContract]
[WebInvoke(Method = "GET",
RequestFormat = WebMessageFormat.Json,
BodyStyle = WebMessageBodyStyle.Bare,
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "/machines")]
List<Machine> GetAllMachines();
[OperationContract]
[WebInvoke(Method = "POST",
RequestFormat = WebMessageFormat.Json,
BodyStyle = WebMessageBodyStyle.Bare,
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "/machines")]
void CreateMachineSearch(MachineSearch search);
}
答案 0 :(得分:1)
如果您在IIS中托管此服务,那么您将面临问题,因为自定义密码验证程序不是为IIS托管构建的。它将与独立主机完美配合。查看详细信息here,其中Phil清楚地声明请注意,这仅在自托管服务下支持。
您可以通过扩展“ServiceAuthorizationManager”类来实现它,而不是使用自定义验证器。
public class RestAuthorizationManager: ServiceAuthorizationManager
{
protected override bool CheckAccessCore(OperationContext operationContext)
{
//Extract the Authorization header, and parse out the credentials converting the Base64 string:
var authHeader = WebOperationContext.Current.IncomingRequest.Headers["Authorization"];
if ((authHeader != null) && (authHeader != string.Empty))
{
var svcCredentials = System.Text.ASCIIEncoding.ASCII
.GetString(Convert.FromBase64String(authHeader.Substring(6)))
.Split(':');
var user = new { Name = svcCredentials[0], Password = svcCredentials[1] };
if ((user.Name == "user1" && user.Password == "test"))
{
//User is authrized and originating call will proceed
return true;
}
else
{
//not authorized
return false;
}
}
else
{
//No authorization header was provided, so challenge the client to provide before proceeding:
WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"MyWCFService\"");
//Throw an exception with the associated HTTP status code equivalent to HTTP status 401
throw new WebFaultException("Please provide a username and password", HttpStatusCode.Unauthorized);
}
}
}
将RestAuthorizationManager添加到服务行为。
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceAuthorization
serviceAuthorizationManagerType
=" WcfWebHttpIISHostingSample.RestAuthorizationManager, WcfWebHttpIISHostingSample"/>
</behavior>
</serviceBehaviors>
这应该让你去。
我写了一个complete guide,用于使用基本身份验证和SSL创建和保护WCF REST服务。即使安全行为也是WCF REST和webhttp行为的扩展library的一部分,您可能想要通过它。请参阅CustomAuthenticationBehavior详细信息。