我有一个wcf服务和客户端,并希望通过检查用户名和密码来提供额外的保护。我有以下有效的课程
public class UserCredentialsValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (!string.Equals(userName, Config.Login, StringComparison.InvariantCultureIgnoreCase)
&& !String.Equals(password, Config.Password))
{
throw new FaultException("Invalid user credentials. Access denied.");
}
}
}
并遵循服务器配置
<behaviors>
<serviceBehaviors>
<behavior name="serviceBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/> <serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="FileStorage.Core.ServiceModel.UserCredentialsValidator, FileStorage.Core"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="FileStorage.Core.ServiceModel.FileStorageService" behaviorConfiguration="serviceBehavior">
<endpoint address="" contract="FileStorage.IFileStorage" binding="wsHttpBinding" bindingConfiguration="bindingConfig"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="bindingConfig" maxBufferPoolSize="104857600" maxReceivedMessageSize="104857600" openTimeout="00:10:00"
closeTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00">
<readerQuotas maxDepth="32" maxStringContentLength="104857600" maxArrayLength="104857600"
maxBytesPerRead="104857600" maxNameTableCharCount="1024"/> <security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
问题是CustomValidatir从不执行验证方法,例如验证逻辑不执行
这会导致什么?提前致谢
答案 0 :(得分:0)
尝试更改“安全”部分以阅读此内容...
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic" proxyCredentialType="Basic" />
<message clientCredentialType="UserName"/>
</security>
答案 1 :(得分:0)
安全模式=“TransportWithMessageCredential”没问题。不确定为什么我们需要传输clientCredentialType =“Basic”proxyCredentialType =“Basic”......
我在我的Windows服务托管WCF中使用传输clientCredentialType =“Certificate”protectionLevel =“EncryptAndSign”。工作正常......看来诀窍似乎在于选择正确的安全模式。