[英]WCF wsDualHttpBinding and UserNamePasswordValidator
I'd like to use UserNamePasswordValidator with wsDualHttpBinding but here is my problem: 我想将UserNamePasswordValidator与wsDualHttpBinding一起使用,但这是我的问题:
If I use: 如果我使用:
<security mode="Message" > <message clientCredentialType="UserName" /> </security>
I get this exception: 我得到这个例外:
Identity check failed for outgoing message. 身份检查失败,没有传出邮件。 The expected DNS identity of the remote endpoint was 'localhost' but the remote endpoint provided DNS claim 'Theater'.
远程端点的预期DNS标识为“本地主机”,但远程端点提供了DNS声明“剧院”。 If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'Theater' as the Identity property of EndpointAddress when creating channel proxy.
如果这是合法的远程终结点,则可以在创建通道代理时通过将DNS身份“剧院”明确指定为EndpointAddress的Identity属性来解决此问题。
If I change the DNS to Theater then it times out. 如果我将DNS更改为Theater,则超时。 If i don't use the security mode the UserNamePasswordValidator doesn't get called.
如果我不使用安全模式,则不会调用UserNamePasswordValidator。 I read that if I would use wsHttpBinding I could set the security to TransportWithMessageCredential and that would work but I need the dual.
我读到,如果我使用wsHttpBinding,可以将安全性设置为TransportWithMessageCredential,这可以工作,但是我需要双重身份。 Here is the config:
这是配置:
<system.serviceModel>
<bindings>
<wsDualHttpBinding>
<binding maxReceivedMessageSize="268435456" maxBufferPoolSize="268435456">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="268435456" maxBytesPerRead="4096" maxNameTableCharCount="2147483647" />
<security mode="Message" >
<message clientCredentialType="UserName" />
</security>
</binding>
</wsDualHttpBinding>
</bindings>
<services>
<service name="WcfService1.Service1" behaviorConfiguration="ServiceBehavior">
<endpoint address="" binding="wsDualHttpBinding" contract="WcfService1.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WcfService1.OperatorValidator, WcfService1"/>
<serviceCertificate findValue="Theater" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true" />
</system.webServer>
Validator: 验证器:
namespace WcfService1
{
public class OperatorValidator : UserNamePasswordValidator
{
public override void Validate(String userName, String password)
{
if (String.IsNullOrEmpty(userName) || String.IsNullOrEmpty(password))
throw new SecurityTokenException("Username and password cannot be empty.");
try
{
using (Theater4Entities entities = new Theater4Entities())
{
Byte[] passwordBytes;
using (SHA1CryptoServiceProvider provider = new SHA1CryptoServiceProvider())
{
passwordBytes = provider.ComputeHash(Encoding.UTF8.GetBytes(password));
}
Operator currentOperator = entities.Operator.FirstOrDefault(op => op.UserName == userName);
if (currentOperator == null || !passwordBytes.SequenceEqual(currentOperator.UserPassword))
throw new SecurityTokenException("Username or password does not match.");
}
}
catch (SecurityTokenException)
{
throw;
}
catch
{
throw new SecurityTokenException("Unexpected error occured.");
}
}
}
}
And here is where I catch the exception: 这是我捕捉到异常的地方:
public WAF1ClientViewModel()
{
_callbackService = new RentalServiceCallback();
InstanceContext context = new InstanceContext(_callbackService);
_client = new Service1Client(context);
}
.
.
.
private void LoginExecuted(PasswordBox passwordBox)
{
try
{
_client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
_client.ClientCredentials.UserName.UserName = UserName;
_client.ClientCredentials.UserName.Password = passwordBox.Password;
_client.Login(UserName);
_isLoggedIn = true;
OnLoginSuccess();
}
catch
{
OnLoginFailed();
}
}
I would be open to any alternative method. 我将接受任何替代方法。
WCF side WCF端
You would have to use Custom Binding and use authenticationMode="SecureConversation" as shown below 您将必须使用Custom Binding并使用authenticationMode =“ SecureConversation” ,如下所示
<customBinding>
<binding name="CustomWSDualHttpBinding" receiveTimeout="00:10:00" sendTimeout="00:10:00">
<reliableSession inactivityTimeout="00:01:00" maxPendingChannels="16384" maxTransferWindowSize="4096" maxRetryCount="2"/>
<security authenticationMode="SecureConversation" requireDerivedKeys="true">
<secureConversationBootstrap authenticationMode ="UserNameForCertificate"/>
</security>
<compositeDuplex />
<oneWay />
<textMessageEncoding />
<httpTransport />
</binding>
</customBinding>
EDIT: To increase the maximum array length quota and change the buffer size use below binding 编辑:要增加最大数组长度配额并更改缓冲区大小,请使用以下绑定
<binding name="CustomWSDualHttpBinding" receiveTimeout="00:10:00" sendTimeout="00:10:00">
<reliableSession inactivityTimeout="00:01:00" maxPendingChannels="16384" maxTransferWindowSize="4096" maxRetryCount="2"/>
<binaryMessageEncoding>
<readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</binaryMessageEncoding>
<security authenticationMode="SecureConversation" requireDerivedKeys="true">
<secureConversationBootstrap authenticationMode ="UserNameForCertificate"/>
</security>
<compositeDuplex />
<oneWay />
<httpTransport hostNameComparisonMode="StrongWildcard" transferMode="Buffered" maxBufferPoolSize="1073741824" maxBufferSize="1073741824" maxReceivedMessageSize="1073741824" />
</binding>
Include a service certificate and put that in the service behavior 包括服务证书并将其放入服务行为中
<serviceBehaviors>
<behavior name="passwordValidatorServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceMetadata httpGetEnabled="true"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFCallbackTry.Custom.CustomUserNameValidator.CustomUserNamePasswordValidator, WCFCallbackTry"/>
<serviceCertificate findValue="9d4c78cde9d2b82d751a5416fd2eb6df98d3b236" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
Then expose the endpoints 然后暴露端点
<services>
<service behaviorConfiguration="passwordValidatorServiceBehavior" name="WCFCallbackTry.Service1">
<endpoint address="http://MachineName:8018/Service1.svc" bindingConfiguration="CustomWSDualHttpBinding" binding="customBinding"
contract="WCFCallbackTry.IService" name="HttpEndPoint" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://MachineName:8018/Service1.svc"/>
</baseAddresses>
</host>
</service>
</services>
Client side Call the service as below 客户端如下致电服务
ServiceReference1.ServiceClient client = new ServiceReference1.ServiceClient(new System.ServiceModel.InstanceContext(new CallBack()), "HttpEndPoint");
client.ClientCredentials.UserName.UserName = Environment.UserDomainName + @"\" + Environment.UserName;
client.ClientCredentials.UserName.Password = "aWNhdGU/56gfhvYmplY3RD~";
Include the DNS in your code if necessary 如有必要,在代码中包含DNS
EndpointIdentity identity = EndpointIdentity.CreateDnsIdentity("MachineName");
EndpointAddress endpointAddress = new EndpointAddress(uri, identity);
client.Endpoint.Address = endpointAddress;
Hope this helps 希望这可以帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.