[英]WCF service - Custom Authentication doesn't work
I am trying to set up authentication on my webservice, however, after setting up a validation class that inherits from UserNamePasswordValidator
, the service still allows the client to work without a username or password 我正在尝试在Web服务上设置身份验证,但是,在设置从
UserNamePasswordValidator
继承的验证类之后,该服务仍允许客户端在没有用户名或密码的情况下工作
Web Service 网络服务
Imports System.IdentityModel.Selectors
Public Class Authentication
Inherits UserNamePasswordValidator
Public Overrides Sub Validate(ByVal userName As String, ByVal password As String)
If Nothing = userName OrElse Nothing = password Then
Throw New ArgumentNullException()
End If
If Not (userName = "1" AndAlso password = "2") Then
' This throws an informative fault to the client.
Throw New FaultException("Unknown Username or Incorrect Password")
' When you do not want to throw an infomative fault to the client,
' throw the following exception.
' Throw New SecurityTokenException("Unknown Username or Incorrect Password")
End If
End Sub
End Class
Web.config Web.config
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="Webservice.Service1" behaviorConfiguration="ServiceBehavior">
<endpoint binding="basicHttpBinding" contract="Webservice.IService1"
behaviorConfiguration="webHttp"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Webservice.Authentication, Webservice" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="webHttp">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Client side 客户端
Dim client As Webservice.Service1Client = New Webservice.Service1Client()
'I was expecting this call to error as no username or password was produced
return client.getData(Data)
Is there anything I am missing? 我有什么想念的吗?
Thanks 谢谢
You will need more configuration to make it work. 您将需要更多配置才能使其正常运行。
But to get your error you need to actually use your bindingConfiguration
. 但是要得到错误,您需要实际使用
bindingConfiguration
。
So change your endpoint configuration to this: 因此,将端点配置更改为:
<services>
<service name="Webservice.Service1" behaviorConfiguration="ServiceBehavior">
<endpoint binding="basicHttpBinding" contract="Webservice.IService1"
bindingConfiguration="Binding1"/>
</service>
</services>
Then you will start receiving errors that hopefully will guide you to create a proper configuration. 然后,您将开始收到错误,希望它们将指导您创建正确的配置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.