无法为WCF服务定义用户/密码

Question

我有一个使用基本身份验证的WCF Web服务。

我想为此服务定义用户/密码。所以我将web.config写入用户基本身份验证：

<system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="UsernameWithTransportCredentialOnly">
                <security mode="TransportCredentialOnly">
                    <transport clientCredentialType="Basic"/>
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>

    <behaviors>
        <serviceBehaviors>
            <behavior name="ServiceWithMetaData">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <serviceAuthorization serviceAuthorizationManagerType="InterfaceWS.CredentialsChecker,App_Code.CredentialsChecker"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>

    <services>
        <service behaviorConfiguration="ServiceWithMetaData" name="InterfaceWS.MyService" >
            <endpoint
                address="https://localhost:44336/MyService.svc"
                binding="basicHttpBinding"
                bindingConfiguration="UsernameWithTransportCredentialOnly"
                name="BasicEndpoint"
                contract="InterfaceWS.IErpService">
            </endpoint>
        </service>
    </services>

    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"
        multipleSiteBindingsEnabled="false" />
</system.serviceModel>

我创建了一个继承自ServiceAuthorizationManager：

的类

namespace InterfaceWS
{
    public class CredentialsChecker : ServiceAuthorizationManager
    {
        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            //Extract the Authorization header, and parse out the credentials converting the Base64 string:  
            var authHeader = WebOperationContext.Current.IncomingRequest.Headers["Authorization"];
            if ((authHeader != null) && (authHeader != string.Empty))
            {
                var svcCredentials = System.Text.ASCIIEncoding.ASCII
                    .GetString(Convert.FromBase64String(authHeader.Substring(6)))
                    .Split(':');
                var user = new
                {
                    Name = svcCredentials[0],
                    Password = svcCredentials[1]
                };
                if ((user.Name == "testuser" && user.Password == "testpassword"))
                {
                    //User is authrized and originating call will proceed  
                    return true;
                }
                else
                {
                    //not authorized  
                    return false;
                }
            }
            else
            {
                //No authorization header was provided, so challenge the client to provide before proceeding:  
                WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"MyWCFService\"");
                //Throw an exception with the associated HTTP status code equivalent to HTTP status 401  
                throw new WebFaultException(HttpStatusCode.Unauthorized);
            }
        }

        public override bool CheckAccess(OperationContext operationContext)
        {
            return false;
        }
    }
}

但是CheckAccessCore从未到达，我无法连接到我的服务。我做错了什么？

Answer 1

serviceAuthorization是基于用户凭据授予对特定资源的访问权限。你想要身份验证。 您可以在配置中使用serviceCredentials/userNameAuthentication标记。 配置示例如下：https://docs.microsoft.com/en-us/dotnet/framework/wcf/samples/membership-and-role-provider