具有基本身份验证和自定义UserNamePasswordValidator的IIS WCF服务

Question

这是我的Web.Config文件：

<configuration>
    <system.webServer>
        <httpProtocol>
          <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Headers" value="X-Requested-With,Content-Type, Accept" />
          </customHeaders>
        </httpProtocol>
        <rewrite>
            <rules>
                <remove name="Remove service.svc" />
                <rule name="Remove service.scv">
                    <match url="^.+" />
                    <action type="Rewrite" url="service.svc/{R:0}" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
  <system.serviceModel> 
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true">
    </serviceHostingEnvironment>  
    <services>      
      <service name="DTWebServiceLib.DTWebService" behaviorConfiguration="ServiceBehaviourConf">  
            <host>
          <baseAddresses>
            <add baseAddress="http://x.x.x.x:81/webservice" />
            <add baseAddress="http://localhost:81/webservice" />
            <add baseAddress="https://x.x.x.x:447/webservice" />
            <add baseAddress="https://localhost:447/webservice" />
          </baseAddresses>
        </host>

        <endpoint address="/" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="DTWebServiceLib.IDTWebService" name="wsBasicEndpoint"/>

        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />

      </service>  
    </services>  
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpEndpointBinding">
          <security mode="Transport">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </wsHttpBinding>



    </bindings>
     <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehaviourConf">

            <serviceMetadata httpGetEnabled="False" httpsGetEnabled="True" />

            <serviceDebug includeExceptionDetailInFaults="True" />

            <serviceCredentials>
              <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="DTWebServiceLib.Security.CustomUserValidator, App_Code" />
              <serviceCertificate findValue="auth_cert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
            </serviceCredentials>

        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="webBehavior">
          <webHttp />
        </behavior>
      </endpointBehaviors>
    </behaviors>
    </system.serviceModel>  
    <connectionStrings>
        <add connectionString="Server=***;Database=****;Integrated Security=true" name="Database" providerName="System.Data.SqlClient" />       
    </connectionStrings>
    <system.web>

      <customErrors mode="Off" />
        <compilation defaultLanguage="c#">
            <assemblies>
                <clear />
                <add assembly="mscorlib" />
                <add assembly="Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

                <add assembly="*" />
            </assemblies>
        </compilation>
    </system.web>
</configuration>  

这是自定义类：

namespace DTWebServiceLib.Security
{
    class CustomUserValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
           ..    
        }
    }
}

当通过浏览器访问端点url时，它只是在循环中不断询问凭据，并且不执行自定义类代码。

我尝试使用此绑定：

<binding name="wsHttpEndpointBinding">
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>

但是如果通过浏览器中的url访问它，它只会返回404错误。如果我使用Authentication头发出ajax请求，那么它会启动相同的凭据提示循环。

我在IIS中启用了基本身份验证。

我在配置中做错了吗？

谢谢