我是网络服务新手。我想写一个简单的WCF用户名和密码验证。使用SoapUI进行测试时,如果安全模式设置为none(没有基本身份验证),则可以成功调用它。将安全模式设置为message(使用基本身份验证)后,将无法返回正确的结果。使用C#客户端可以成功调用它们。 我在StackOverflow上应用了很多建议,但仍然无法获得正确的结果。
是否需要进行其他设置,例如配置证书?我期待着你的帮助。
下面列出了设置详情。
当安全模式设置为message时,返回结果为
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
</s:Header>
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="zh-HK">An error occurred when verifying security for the message.</s:Text>
</s:Reason>
</s:Fault>
</s:Body>
</s:Envelope>
SoapUI日志:
DEBUG:尝试1执行请求 DEBUG:发送请求:POST /ServiceHello.svc HTTP / 1.1 DEBUG:接收响应:HTTP / 1.1 500内部服务器错误 调试:连接可以无限期保持活跃 信息:3ms(576字节)内对[WSHttpBinding_IServiceHello.HelloWorld:Request 1]的响应
安全模式的结果=无
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://tempuri.org/IServiceHello/HelloWorldResponse</a:Action>
</s:Header>
<s:Body>
<HelloWorldResponse xmlns="http://tempuri.org/">
<HelloWorldResult>Hello World</HelloWorldResult>
</HelloWorldResponse>
</s:Body>
</s:Envelope>
这是web.config
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<services>
<service name="WCFTest.ServiceHello"
behaviorConfiguration="WCFTest_Behavior">
<endpoint
address=""
binding="wsHttpBinding"
contract="WCFTest.IServiceHello"
bindingConfiguration="WCFTest_Config">
</endpoint>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="WCFTest_Config">
<security mode="None">
<!—The only difference between two web service is the security mode, which is set to message in the authentication version -->
<message clientCredentialType="UserName" negotiateServiceCredential="false"
establishSecurityContext="false" algorithmSuite="Default"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="WCFTest_Behavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="None"/>
</clientCertificate>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFTest.App_Code.Authentication.CustomValidator,App_Code/Authentication"/>
<serviceCertificate
findValue="myCertificate"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
答案 0 :(得分:0)
在查看应用程序的配置时,我假设以下内容: a)您的WCF服务使用.NET Framework 4.5或更高版本。 b)该服务托管在启用了SSL安全性的IIS中。 c)您想使用WsHttpBinding。 d)身份验证是自定义的。
因此,我给您以下建议:
IIS出版物:
a)SSL安全性:启用“需要SSL”并将“客户端证书”设置为“忽略”。在Web.config中配置它的方式如下:
<clientCertificate>
<authentication certificateValidationMode = "None" />
</ clientCertificate>
b)身份验证:启用“匿名身份验证”并禁用其他身份验证。
Web.config:
<wsHttpBinding>
<binding name = "WCFTest_Config">
<security mode = "TransportWithMessageCredential">
<transport clientCredentialType = "None" proxyCredentialType = "None" realm = "" />
<message clientCredentialType = "UserName" />
</security>
</binding>
</wsHttpBinding>
还有
<protocolMapping>
<add binding = "wsHttpBinding" scheme = "https" />
</protocolMapping>
尝试一下,祝你好运!