我正在尝试使用visual studio 2010将UserNamePasswordValidator添加到'WCF Rest Service Application'项目, 问题是..它永远不会进入UserNamePasswordValidator类, UserNamePasswordValidator与Wcf Rest一起使用吗?
请建议..
下面是我的服务类:
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.ServiceModel.Web;
using System.Text;
using System.Security.Principal;
namespace MyService
{
// Start the service and browse to http://<machine_name>:<port>/Service1/help to view the service's generated help page
// NOTE: By default, a new instance of the service is created for each call; change the InstanceContextMode to Single if you want
// a single instance of the service to process all calls.
[ServiceContract(Namespace = "MyService")]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
// NOTE: If the service is renamed, remember to update the global.asax.cs file
public class Helo
{
[WebGet(UriTemplate = "{name}")]
public string GetName(string name)
{
// TODO: Replace the current implementation to return a collection of SampleItem instances
return "Hello " + name;
}
public class CustomUserNameValidator : System.IdentityModel.Selectors.UserNamePasswordValidator
{
// This method validates users. It allows in two users, test1 and test2
// with passwords 1tset and 2tset respectively.
// This code is for illustration purposes only and
// MUST NOT be used in a production environment because it is NOT secure.
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
{
throw new ArgumentNullException();
}
if (!(userName == "test1" && password == "1tset") && !(userName == "test2" && password == "2tset"))
{
throw new FaultException("Unknown Username or Incorrect Password");
}
throw new FaultException("Unknown Username or Incorrect Password");
}
}
}
}
下面的是web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</modules>
</system.webServer>
<system.serviceModel>
<services>
<service name="MyService.Hello" behaviorConfiguration="HelloServiceBehavior">
<!-- use base address provided by host, provide one endpoint -->
<endpoint address="username" binding="wsHttpBinding" bindingConfiguration="Binding1" contract="MyService.Hello"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<!-- Username binding -->
<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="HelloServiceBehavior">
<serviceCredentials>
<!--
The serviceCredentials behavior allows one to specify a custom validator for username/password combinations.
-->
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyService.Hello+CustomUserNameValidator, MyService"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<!--<standardEndpoints>
<webHttpEndpoint>
--><!--
Configure the WCF REST service base address via the global.asax.cs file and the default endpoint
via the attributes on the <standardEndpoint> element below
--><!--
<standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true"/>
</webHttpEndpoint>
</standardEndpoints>-->
</system.serviceModel>
</configuration>
答案 0 :(得分:1)
您必须拥有webHttpBinding并将clientCredentialType设置为basic,它将使用您派生的UserNamePasswordValidator。如果您有HTTPS设置,那么当然会将安全模式更改为Transport:
<bindings>
<webHttpBinding>
<binding name="RestBindingConfiguration">
<security mode="None">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</webHttpBinding>
</bindings>
在相关的注释中,FaultExceptions只是SOAP,因此如果您需要为客户端抛出异常,请注意这一点。根据例外情况,MessageSecurityException可能有意义。
答案 1 :(得分:0)
我不确定你是否还在寻找答案,但万一你是......
在WCF上设置身份验证REST非常棘手。您似乎直接从msdn amirite模拟了您的尝试?我也没有太多运气。您可以尝试在this解决方案之后进行建模,这是基本身份验证的一个非常基本的示例。但我的建议,因为它对我来说效果很好,就是在WcfRestContrib之后为你的项目建模。基本身份验证不仅已经内置到项目中,而且您最终发现的许多其他功能也在那里。您可以对整个服务强制执行身份验证,也可以只按端点强制执行端点。
希望有所帮助。