如何设置WorkflowService身份验证?

时间:2012-03-06 04:39:09

标签: authentication workflow-foundation-4 wcf-security

我只需要保护我的WF服务。找不到任何资源。怎么做?

已经尝试过:

class Program
{
    static void Main(string[] args)
    {
        using (WorkflowServiceHost host = new WorkflowServiceHost(new Workflow1(), new Uri("http://localhost/Test")))
        {
            host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = System.ServiceModel.Security.UserNamePasswordValidationMode.Custom;
            host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new Test();

            host.Open();
            Console.Write("ready");
            Console.ReadLine();
        }
    }
}
public class Test : UserNamePasswordValidator
{
    public Test()
    {
        Console.Write("hit");
    }

    public override void Validate(string userName, string password)
    {
        Console.Write("never hit");
    }
}

和配置

<bindings>
  <wsHttpBinding>
    <binding>
      <security mode="Message">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

  <serviceBehaviors>
    <behavior>
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <!--<serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="myAssembly.Test, myAssembly" />
      </serviceCredentials>-->
    </behavior>
  </serviceBehaviors>
  • 无法创建固定名称端点,因为它们是动态创建的

更新 - 我尝试了以下配置并且工作正常,但我想要一种更精细的方式来设置每个服务使用的绑定

<protocolMapping>
  <add scheme="http" binding="wsHttpBinding"/>
</protocolMapping>

3 个答案:

答案 0 :(得分:2)

我们有一集Workflow TV可以提供帮助。 Workflow TV - Workflow Services Security

答案 1 :(得分:1)

就消息传递部分而言,这只是WCF所以你可以在这里使用WCF做的任何事情。

说到工作流程,除了第一个请求之外,您通常需要更细粒度的控制。例如,所有员工都可以启动费用报表,但只有启动特定费用报表的员工才能向其添加费用并提交。您可以使用WF Security Pack进行这类安全检查。

答案 2 :(得分:0)

有点hackish,但有效。覆盖WorkflowServiceHost以获取未知的合同名称并为每个名称添加服务端点。

    const string DEFAULT_WORKFLOW_SERVICE_BINDING_NAME = "WorkflowDefaultBinding";

    static void Main(string[] args)
    {            
        MyWorkflowServiceHost host = new MyWorkflowServiceHost(new CountingWorkflow2(), new Uri(hostBaseAddress));
        foreach (var contractName in host.ImplementedContractsNames)
        {
            // now I'm able to choose which binding to use depending on a condition
            var binding = new WSHttpBinding(DEFAULT_WORKFLOW_SERVICE_BINDING_NAME);

            host.AddServiceEndpoint(contractName, binding, string.Empty);
        }
    }

和MyWorkflowServiceHost 

    public class MyWorkflowServiceHost : WorkflowServiceHost
    {
        public MyWorkflowServiceHost(Activity activity, params Uri[] baseAddresses)
            : base(activity, baseAddresses)
        {

        }

        private IDictionary<string, System.ServiceModel.Description.ContractDescription> _implementedContracts;
        public IEnumerable<string> ImplementedContractsNames
        {
            get
            {
                foreach (var contract in _implementedContracts)
                    yield return contract.Key;
            }
        }

        protected override System.ServiceModel.Description.ServiceDescription CreateDescription(out System.Collections.Generic.IDictionary<string, System.ServiceModel.Description.ContractDescription> implementedContracts)
        {
            System.ServiceModel.Description.ServiceDescription description = base.CreateDescription(out implementedContracts);

            _implementedContracts = implementedContracts;

            return description;
        }
    }

添加已发布的WSHttpBinding以及服务模型的以下部分也应该有效,但对于默认配置

<protocolMapping>
  <add scheme="http" binding="wsHttpBinding"/>
</protocolMapping>
相关问题
最新问题