我有一个简单的Web服务,它托管在一个控制台应用程序中。它有效,但有一个问题:身份验证无法正常运行。
我的app.config如下:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="NewBinding0">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="Mg">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="TSOWS.UserValidator,TSOWS" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<!--<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />-->
<services >
<service name="TSOWS.TSOWS" behaviorConfiguration="Mg" >
<endpoint address="/MyAddress" binding="wsHttpBinding" contract="TSOWS.ITSOWS" />
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
<host>
<baseAddresses >
<add baseAddress="http://10.120.170.181:8181/TSOWS.svc" />
</baseAddresses>
</host>
</service >
</services>
</system.serviceModel>
我的验证员是:
public class UserValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
{
throw new ArgumentNullException();
}
if (!(userName == "TSOWSUser" && password == "password"))
{
throw new SecurityTokenException("Unknown Username or Password");
}
}
}
永远不会调用UserValidator.Validate,并且Web服务已打开,无需提供任何用户名或密码。
知道为什么会这样吗?
我是否需要服务器证书才能使用身份验证?
答案 0 :(得分:0)
您需要一张证书才能运作。如果您的应用程序是Intranet,请使用不需要证书的Windows身份验证,但需要在Windows中定义用户。