Question

我有一个使用基本访问身份验证的WCF SOAP服务。 SSL没有被使用 - 我理解这里的安全问题。

使用WCFTestClient应用程序我已经通过在服务中临时硬编码用户名和密码来验证服务的工作原理，以便在Authorization标头不存在时使用。

我现在正在尝试编写一个通过Authorization标头传递凭据的测试应用程序。我已在我的测试应用中添加了对我的服务的服务引用，但http请求中不存在Authorization标头。生成的MyServiceClient课程使用System.ServiceModel.ClientBase

在我的测试应用中，我按照以下方式设置凭据

MyServiceClient client = new MyServiceClient("BasicHttpBinding_MyService");
client.ClientCredentials.UserName.UserName = "WebServiceUsername";
client.ClientCredentials.UserName.Password = "WebServicepassword";

我也尝试过如下

MyServiceClient client = new MyServiceClient();
ClientCredentials loginCredentials = new ClientCredentials();
loginCredentials.UserName.UserName = "WebServiceUsername";
loginCredentials.UserName.Password = "WebServicepassword";
client.Endpoint.Behaviors.Remove(client.Endpoint.Behaviors.Find<ClientCredentials>()); 
client.Endpoint.Behaviors.Add(loginCredentials);

服务web.config如下

<services>
  <service name="MyService" behaviorConfiguration="MyBehavior" >
    <endpoint contract="MyService" binding="basicHttpBinding" />
    <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
  </service>
</services>

测试app.config如下

<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_MyService">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:55314/MyService.svc"
        binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService"
        contract="MyService" name="BasicHttpBinding_MyService" />
    </client>
  </system.serviceModel>
</configuration>

对我遗失的内容有任何疑问？

Answer 1

这是一个很好的起点，将绑定和端点信息从配置文件移动到您的类：

        protected BasicHttpBinding binding = new BasicHttpBinding()
        {
            Name = "Name your binding here",
            CloseTimeout = new TimeSpan(0, 1, 0),
            OpenTimeout = new TimeSpan(0, 1, 0),
            ReceiveTimeout = new TimeSpan(0, 10, 0),
            SendTimeout = new TimeSpan(0, 1, 0),
            AllowCookies = false,
            BypassProxyOnLocal = false,
            HostNameComparisonMode = HostNameComparisonMode.StrongWildcard,
            MaxBufferSize = 65536,
            MaxBufferPoolSize = 524288,
            MaxReceivedMessageSize = 65536,
            MessageEncoding = WSMessageEncoding.Text,
            TransferMode = TransferMode.Buffered,
            UseDefaultWebProxy = true,
            Security = new BasicHttpSecurity()
            {
            Mode = BasicHttpSecurityMode.Transport,
            Message = new BasicHttpMessageSecurity() { AlgorithmSuite = SecurityAlgorithmSuite.Default, ClientCredentialType = BasicHttpMessageCredentialType.UserName}, 
            Transport = new HttpTransportSecurity() { ClientCredentialType = HttpClientCredentialType.Digest }
            },
        };
        protected EndpointAddress endPoint = new EndpointAddress("http://localhost:55314/MyService.svc");

然后

MyServiceClient client = new MyServiceClient(binding, endpont);

试试这个，并根据您的需求调整绑定，尤其是“安全性”。

Answer 2

BasicHttpBinding在WP8中似乎没有安全属性，我对尝试访问WP8下的共享点列表感到非常沮丧。 Xamarin IOS / Android没问题。

如何将服务引用与基本身份验证WCF SOAP服务一起使用

2 个答案: