如何使用DI向WCF Web服务添加自定义授权
[英]How do I add custom authorisation to WCF web service using DI
问题描述
I am writing a WCF service using .NET 4.5 and SimpleInjector. 
我正在使用.NET 4.5和SimpleInjector编写WCF服务。 It is a REST service (using http/get/post). 这是一项REST服务(使用http / get / post)。
I need to add an authorisation layer to my service. 我需要在服务中添加一个授权层。 After a lot of messing around, I now have a custom authorisation manager based on ServiceAuthorizationManager. 经过一番混乱之后,我现在有了一个基于ServiceAuthorizationManager的自定义授权管理器。
All the examples I've seen (and I have found many) have hard coded username and password checking. 我看过的所有示例(并且已经发现很多示例)都使用硬编码的用户名和密码检查。 I would like to use a database, and therefore want to inject the data layer into my class. 我想使用一个数据库,因此想将数据层注入到我的课程中。 If I change the constructor to take a parameter, it throws an exception "No parameterless constructor defined for this object". 如果我更改构造函数以采用参数,则会引发异常“此对象未定义无参数构造函数”。
This is the example I based my code off: https://msdn.microsoft.com/en-us/library/ms731774(v=vs.110).aspx I added a constructor with an interface: 这是我基于代码的示例: https : //msdn.microsoft.com/zh-cn/library/ms731774(v=vs.110).aspx我添加了带有接口的构造函数:
public class MyServiceAuthorizationManager : ServiceAuthorizationManager
{
public MyServiceAuthorizationManager (IMyDataLayer mdl)
{ ...
Custom "Basic" Authentication for my WCF services. 我的WCF服务的自定义“基本”身份验证。 REST and RIA. REST和RIA。 Possible? 可能?
1 个解决方案
解决方案1
4 已采纳 2016-03-21 16:48:05
What you probably did is configure your manager class in a behavior of your configuration file (as the MSDN article shows): 您可能要做的是在配置文件的行为中配置管理器类(如MSDN文章所示):
<serviceBehaviors>
<behavior name="CalculatorServiceBehavior">
<serviceAuthorization serviceAuthorizationManagerType="Samples.MyServiceAuthorizationManager,MyAssembly" />
</behavior>
</serviceBehaviors>
In that case WCF is completely in control over the creation of this type; 在这种情况下,WCF完全可以控制这种类型的创建。 not Simple Injector. 不是简单的喷油器。 This means that it requires a default constructor. 这意味着它需要一个默认的构造函数。
The first solution that comes to mind is to make that class a Humble Object and let it delegate to the real authentication logic that you place into a real service. 我想到的第一个解决方案是使该类成为Humble Object,并使其委派给您置于真实服务中的真实身份验证逻辑。 This basically means that your Humble Object does nothing more than calling into the container to resolve the real service and call its appropriate method. 基本上,这意味着您的Humble Object只不过是调用容器来解析实际服务并调用其适当的方法。 Resolving should be done inside the Humble Object's class and the 'real' service should not be cached. 解析应在Humble Object的类内完成,并且不应缓存“真实”服务。
Another option is to configure your manager from code (as MSDN also shows) by resolving it from the container and assigning it to WCF: 另一个选择是通过从容器中解析管理器并将其分配给WCF,从代码中配置管理器(如MSDN所示)。
serviceHost.Authorization.ServiceAuthorizationManager =
container.GetInstance<MyServiceAuthorizationManager>();
But care must be taken here, because the manager now becomes a singleton because WCF will hold on to it forever. 但是这里必须要小心,因为经理现在变成了单身,因为WCF将永远坚持下去。 Don't do this unless all its dependencies are singleton as well. 除非所有依赖项也都是单例的,否则不要这样做。 Make sure you register your manager explicitly in the container as singleton, so the container can check for captive dependencies for you when you call Verify . 确保在容器中以单例身份显式注册了经理,这样,当您调用Verify时,容器可以为您检查是否有依赖项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.