我有一个Rest WCF服务使用以下配置
<service behaviorConfiguration="webBehaviour" name="AOS.BrokerAPI.WCFService.BrokerAPIService">
<endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange" />
<endpoint address="brokerapi" binding="webHttpBinding" bindingConfiguration="webHttpBinding"
name="web" contract="AOS.BrokerAPI.WCFService.IBrokerAPIService" behaviorConfiguration="EndPointBehaviour"/>
<host>
<baseAddresses>
<add baseAddress="http://localhost:8733/Design_Time_Addresses/AOS.BrokerAPI.WCFService/BrokerAPIService/" />
<add baseAddress="https://localhost:8732/Design_Time_Addresses/AOS.BrokerAPI.WCFService/BrokerAPIService/" />
</baseAddresses>
</host>
</service>
</services>
<behavior name="webBehaviour">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"
httpGetBinding="" />
<serviceDiscovery />
<!--<serviceAuthenticationManager serviceAuthenticationManagerType=""/>-->
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="AOS.BrokerAPI.WCFService.Security.Account,AOS.BrokerAPI.WCFService" />
<!--<serviceCertificate findValue="CN=Dev Certification Authority" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine"/>-->
</serviceCredentials>
</behavior>
当我从本地主机运行应用程序时,它使用我的自定义用户名和密码验证类,但当我将其移动到IIS时,它无法登录。
我启用了基本身份验证并禁用了匿名身份验证。还有其他我可能会遗失的东西吗?
以下是Authentication类的代码,在使用Visual Studio
时,这在我的localhost上完美运行public class Account : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
//log the user in or return a webexception
if (null == userName || null == password)
{
throw new ArgumentNullException();
}
var user = DB.GetUser(userName);
//usernme = test, password = Password1
if (!AOS.BrokerAPI.Domain.Security.PasswordStorage.VerifyPassword(password, user.Password))
throw new SecurityTokenException("Unknown Username or Incorrect Password");
}
}
我已为身份验证类启用了日志记录,但代码永远不会命中它。
花了几个小时谷歌后,我找到了一个解决方案,虽然我无法使用它,我的想法是创建IIS的授权扩展并将其设置为您的webconfig并启用它,这样IIS将使用它而不是基本身份验证。
答案 0 :(得分:0)
对于那些可能正在寻找这个问题的解决方案的人来说,我的解决方案是托管应用程序是一个Web应用程序(在我的情况下是asp.net MVC)并使用和HttpModule来处理身份验证和授权
使用
public class CustomAuthenticationModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);
}
public void context_AuthenticateRequest(object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;
if (!SecuirtyHelper.Authenticate(application.Context))
{
application.Context.Response.Status = "01 Unauthorized";
application.Context.Response.StatusCode = 401;
application.Context.Response.AddHeader("WWW-Authenticate", "Basic realm=localhost");
// application.Context.Response.ContentType = "application/json";
application.CompleteRequest();
}
}
public void Dispose()
{
}
}
这将允许使用自定义身份验证进行身份验证。在Authenticate方法中,您必须检查您的请求是否安全,是否有授权标头并尝试验证用户的cridentials
public static bool Authenticate(HttpContext context)
{
if (!HttpContext.Current.Request.IsSecureConnection)
return false;
if (!HttpContext.Current.Request.Headers.AllKeys.Contains("Authorization"))
return false;
string authHeader = HttpContext.Current.Request.Headers["Authorization"];
IPrincipal principal;
if (TryGetPrincipal(authHeader, out principal))
{
HttpContext.Current.User = principal;
return true;
}
return false;
}
private static bool TryGetPrincipal(string authHeader, out IPrincipal principal)
{
var creds = ParseAuthHeader(authHeader);
if (creds != null && TryGetPrincipal(creds, out principal))
return true;
principal = null;
return false;
}
这应该是使用基本身份验证在WCF上进行自定义身份验证所需的全部内容。