Wcf Rest with UserNamePasswordValidator问题

时间:2011-04-11 05:29:33

标签: wcf-rest wcf-rest-starter-kit

我正在尝试使用visual studio 2010将UserNamePasswordValidator添加到'WCF Rest Service Application'项目, 问题是..它永远不会进入UserNamePasswordValidator类, UserNamePasswordValidator与Wcf Rest一起使用吗?

请建议..

下面是我的服务类:

using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.ServiceModel.Web;
using System.Text;
using System.Security.Principal;


namespace MyService
{
    // Start the service and browse to http://<machine_name>:<port>/Service1/help to view the service's generated help page
    // NOTE: By default, a new instance of the service is created for each call; change the InstanceContextMode to Single if you want
    // a single instance of the service to process all calls.   
    [ServiceContract(Namespace = "MyService")]
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
    [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
    // NOTE: If the service is renamed, remember to update the global.asax.cs file
    public class Helo
    {
        [WebGet(UriTemplate = "{name}")]
        public string GetName(string name)
        {
            // TODO: Replace the current implementation to return a collection of SampleItem instances
            return "Hello " + name;
        }

        public class CustomUserNameValidator : System.IdentityModel.Selectors.UserNamePasswordValidator
        {
            // This method validates users. It allows in two users, test1 and test2 
            // with passwords 1tset and 2tset respectively.
            // This code is for illustration purposes only and 
            // MUST NOT be used in a production environment because it is NOT secure.   
            public override void Validate(string userName, string password)
            {
                if (null == userName || null == password)
                {
                    throw new ArgumentNullException();
                }

                if (!(userName == "test1" && password == "1tset") && !(userName == "test2" && password == "2tset"))
                {
                    throw new FaultException("Unknown Username or Incorrect Password");
                }

                throw new FaultException("Unknown Username or Incorrect Password");
            }
        }
    }
}
下面的

是web.config:

<?xml version="1.0"?>
<configuration>

  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </modules>
  </system.webServer>

  <system.serviceModel>

    <services>
      <service name="MyService.Hello" behaviorConfiguration="HelloServiceBehavior">
        <!-- use base address provided by host, provide one endpoint -->
        <endpoint address="username" binding="wsHttpBinding" bindingConfiguration="Binding1" contract="MyService.Hello"/>
      </service>
    </services>

    <bindings>
      <wsHttpBinding>
        <!-- Username binding -->
        <binding name="Binding1">
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <behaviors>
      <serviceBehaviors>
        <behavior name="HelloServiceBehavior">
          <serviceCredentials>
            <!-- 
            The serviceCredentials behavior allows one to specify a custom validator for username/password combinations.                  
            -->
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyService.Hello+CustomUserNameValidator, MyService"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>


    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
    <!--<standardEndpoints>
      <webHttpEndpoint>
        --><!-- 
            Configure the WCF REST service base address via the global.asax.cs file and the default endpoint 
            via the attributes on the <standardEndpoint> element below
        --><!--
        <standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true"/>
      </webHttpEndpoint>
    </standardEndpoints>-->
  </system.serviceModel>

</configuration>

2 个答案:

答案 0 :(得分:1)

您必须拥有webHttpBinding并将clientCredentialType设置为basic,它将使用您派生的UserNamePasswordValidator。如果您有HTTPS设置,那么当然会将安全模式更改为Transport:

        <bindings>
        <webHttpBinding>
            <binding name="RestBindingConfiguration">
                <security mode="None">
                    <transport clientCredentialType="Basic"/>
                </security>
            </binding>
        </webHttpBinding>
        </bindings>

在相关的注释中,FaultExceptions只是SOAP,因此如果您需要为客户端抛出异常,请注意这一点。根据例外情况,MessageSecurityException可能有意义。

答案 1 :(得分:0)

我不确定你是否还在寻找答案,但万一你是......

在WCF上设置身份验证REST非常棘手。您似乎直接从msdn amirite模拟了您的尝试?我也没有太多运气。您可以尝试在this解决方案之后进行建模,这是基本身份验证的一个非常基本的示例。但我的建议,因为它对我来说效果很好,就是在WcfRestContrib之后为你的项目建模。基本身份验证不仅已经内置到项目中,而且您最终发现的许多其他功能也在那里。您可以对整个服务强制执行身份验证,也可以只按端点强制执行端点。

希望有所帮助。