[英]How can I enable Security in LogReceiverService (NLog)
I have to make a centralized log repository and I decided to mount a WCF service implementing NLog's LogReceiverService (through wsHttpBinding). 我必须建立一个集中的日志存储库,并决定安装实现NLog的LogReceiverService的WCF服务(通过wsHttpBinding)。 I followed this topic where I found a working example (there is a working code at bitbucket ).
我遵循了这个主题 ,在其中找到了一个有效的示例( bitbucket上有一个有效的代码)。
Ok, now the problem: I would like to add some security to this WCF Service, expose it through HTTPS and maybe add an Authentication Token . 好的,现在是问题所在:我想为此WCF服务添加一些安全性,通过HTTPS公开它,也许还要添加一个Authentication Token 。 I have programmed this kind of authentication earlier, so I do know how to do it, it's just I don't know how can I program that within NLog.
我之前已经对这种身份验证进行了编程,所以我确实知道该怎么做,只是我不知道如何在NLog中进行编程。 Should I modify the Class where NLog makes the call to the WCF Method?
我应该修改NLog调用WCF方法的类吗? I just can't picture how to do it.
我只是无法想象怎么做。 Any ideas about how to achieve this functionality is really appreciated.
非常感谢有关实现此功能的任何想法。
Finally I was able to do this. 最终,我能够做到这一点。
Let me tell you I was able to configure the desired behavior :) 让我告诉你我能够配置所需的行为:)
First we configure the server as follows: 首先,我们按以下方式配置服务器:
The configuration of System.ServiceModel for the web.config of the WCFService is: WCFService的web.config的System.ServiceModel的配置为:
<system.serviceModel>
<services>
<service name="Your.Namespace.Path.To.Your.Service" behaviorConfiguration="SecureBehavior">
<endpoint binding="wsHttpBinding" bindingConfiguration="SecureBinding" contract="NLog.LogReceiverService.ILogReceiverServer"/>
<endpoint binding="mexHttpBinding" contract="IMetadataExchange" address="mex"/>
<host>
<baseAddresses>
<add baseAddress="https://your_secure_domain.com/servicePath"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="SecureBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceMetadata httpsGetEnabled="true"/>
<serviceCredentials>
<!--You must set your certificate configuration to make this example work-->
<serviceCertificate findValue="0726d1969a5c8564e0636f9eec83f92e" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySerialNumber"/>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="AssamblyOf.YourCustom.UsernameValidator.UsernameValidator, AssamblyOf.YourCustom.UsernameValidator"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="SecureBinding" closeTimeout="00:00:20" openTimeout="00:00:20" receiveTimeout="00:00:20" sendTimeout="00:00:20">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>
The CustomUserNameValidator CustomUserNameValidator
public class UsernameValidator : UserNamePasswordValidator
{
private const string UserName = "your_username_here";
private const string Password = "your_password_here";
public override void Validate(string userName, string password)
{
// validate arguments
if (string.IsNullOrEmpty(userName))
throw new ArgumentNullException("userName");
if (string.IsNullOrEmpty(password))
throw new ArgumentNullException("password");
//
// Nombre de usuario y contraseñas hardcodeados por seguridad
//
if (!userName.Equals(UserName) || !password.Equals(Password))
throw new SecurityTokenException("Nombre de usuario o contraseña no válidos para consumir este servicio");
}
}
then we go to the Client configuration 然后我们去客户端配置
First, create a inherited class from LogReceiverWebServiceTarget and I override the method CreateWcfLogReceiverClient, then in that method add the credentials. 首先,从LogReceiverWebServiceTarget创建一个继承的类,然后重写方法CreateWcfLogReceiverClient,然后在该方法中添加凭据。
// we assume that this class is created in NLog.CustomExtendedService namespace
[Target("LogReceiverSecureService")]
public class LogReceiverSecureService : NLog.Targets.LogReceiverWebServiceTarget
{
/// <summary>
/// Gets or sets the UserName of the service when it's authentication is set to UserName
/// </summary>
/// <value>The name of the endpoint configuration.</value>
public string ServiceUsername { get; set; }
/// <summary>
/// Gets or sets de Password of the service when it's authentication is set to UserName
/// </summary>
public string ServicePassword { get; set; }
/// <summary>
/// Creates a new instance of WcfLogReceiverClient.
///
/// We make override over this method to allow the authentication
/// </summary>
/// <returns></returns>
protected override NLog.LogReceiverService.WcfLogReceiverClient CreateWcfLogReceiverClient()
{
var client = base.CreateWcfLogReceiverClient();
if (client.ClientCredentials != null)
{
//
// You could use the config file configuration (this example) or you could hard-code it (if you do not want to expose the credentials)
//
client.ClientCredentials.UserName.UserName = this.ServiceUsername;
client.ClientCredentials.UserName.Password = this.ServicePassword;
}
return client;
}
}
Then we set up the application's config file 然后我们设置应用程序的配置文件
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ILogReceiverServer">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://your_secure_domain.com/servicePath/Logger.svc" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_ILogReceiverServer" contract="NLog.LogReceiverService.ILogReceiverClient"
name="WSHttpBinding_ILogReceiverServer" />
</client>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>
Finally we configure the NLog.config 最后,我们配置NLog.config
<extensions>
<add assembly="NLog.CustomExtendedService" /> <!--Assuming the custom Target was added to this assambly -->
</extensions>
<targets>
<target xsi:type="LogReceiverSecureService"
name="RemoteWcfLogger"
endpointConfigurationName="WSHttpBinding_ILogReceiverServer"
endpointAddress="https://your_secure_domain.com/servicePath/Logger.svc"
ServiceUsername="your_username_here"
ServicePassword="your_password_here"
useBinaryEncoding="True"
clientId="YourApplicationNameOrId"
includeEventProperties="True">
</target>
</targets>
I posted an entire answer at the googlegroup of NLog, so enjoy it https://groups.google.com/d/msg/nlog-users/Xryu61TaZKM/Utbvrr5mwA0J 我在NLog的googlegroup上发布了完整的答案,请尽情享受https://groups.google.com/d/msg/nlog-users/Xryu61TaZKM/Utbvrr5mwA0J
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.