WCF基本身份验证未在IIS上使用

Question

I have a Rest WCF Service Using the following Configuration 我具有使用以下配置的Rest WCF服务

<service behaviorConfiguration="webBehaviour" name="AOS.BrokerAPI.WCFService.BrokerAPIService">
    <endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange" />
    <endpoint address="brokerapi" binding="webHttpBinding" bindingConfiguration="webHttpBinding"
      name="web" contract="AOS.BrokerAPI.WCFService.IBrokerAPIService" behaviorConfiguration="EndPointBehaviour"/>
    <host>
      <baseAddresses>
        <add baseAddress="http://localhost:8733/Design_Time_Addresses/AOS.BrokerAPI.WCFService/BrokerAPIService/" />
        <add baseAddress="https://localhost:8732/Design_Time_Addresses/AOS.BrokerAPI.WCFService/BrokerAPIService/" />
      </baseAddresses>
    </host>
  </service>
</services>


<behavior name="webBehaviour">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"
        httpGetBinding="" />
      <serviceDiscovery />
      <!--<serviceAuthenticationManager serviceAuthenticationManagerType=""/>-->
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="AOS.BrokerAPI.WCFService.Security.Account,AOS.BrokerAPI.WCFService" />
        <!--<serviceCertificate findValue="CN=Dev Certification Authority" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine"/>-->
      </serviceCredentials>
    </behavior>

When I run the application from my localhost it uses my custom username and password verification class but when I move it to IIS it fails to login. 当我从本地主机运行该应用程序时，它将使用我的自定义用户名和密码验证类，但是当我将其移至IIS时，它将无法登录。

I enabled Basic authentication and disabled anonymous authentication. 我启用了基本身份验证，并禁用了匿名身份验证。 Is there something else I might be missing? 还有其他我可能会想念的东西吗？

Here is the code for the Authentication class, this works perfectly on my localhost when using Visual Studio 这是Authentication类的代码，使用Visual Studio时，在我的localhost上可以正常使用

public class Account : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        //log the user in or return a webexception
        if (null == userName || null == password)
        {
            throw new ArgumentNullException();
        }

        var user = DB.GetUser(userName);
        //usernme  = test, password = Password1

        if (!AOS.BrokerAPI.Domain.Security.PasswordStorage.VerifyPassword(password, user.Password))
            throw new SecurityTokenException("Unknown Username or Incorrect Password");
    }
}

I have enabled Logging for the Authentication class, but the code never hits it. 我已经为身份验证类启用了日志记录功能，但是代码从未成功实现。

After spending hours google, I have found a solution though I cannot use it, the idea is to create an authorization extension to IIS and set it to your webconfig and enable it, that way IIS will use that instead of basic authentication. 在Google花费了数小时后，我找到了一个解决方案，尽管我无法使用它，但是它的想法是创建IIS的授权扩展并将其设置为您的webconfig并启用它，这样IIS将使用该扩展而不是基本身份验证。

Answer 1

Just for anyone who maybe looking for a solution to this problem, my solution was to host the application is a web application (asp.net MVC in my case) and used and HttpModule to handle the authentication and authorization 对于可能正在寻找解决此问题的方法的任何人，我的解决方案是将应用程序托管为一个Web应用程序（在我的情况下为asp.net MVC），并使用HttpModule进行身份验证和授权

using 使用

public class CustomAuthenticationModule : IHttpModule
{
    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);
    }

    public void context_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;
        if (!SecuirtyHelper.Authenticate(application.Context))
        {
            application.Context.Response.Status = "01 Unauthorized";
            application.Context.Response.StatusCode = 401;
            application.Context.Response.AddHeader("WWW-Authenticate", "Basic realm=localhost");
           // application.Context.Response.ContentType = "application/json";
            application.CompleteRequest();
        }
    }

    public void Dispose()
    {

    }
}

This will allow for authentication using custom authentication. 这将允许使用自定义身份验证进行身份验证。 In the Authenticate method you would have to check if your request is secure, if there is an authorization header and try to validate user's cridentials 在Authenticate方法中，您将必须检查您的请求是否安全，是否存在授权标头并尝试验证用户的凭证

public static bool Authenticate(HttpContext context)
    {
        if (!HttpContext.Current.Request.IsSecureConnection)
            return false;

        if (!HttpContext.Current.Request.Headers.AllKeys.Contains("Authorization"))
            return false;

        string authHeader = HttpContext.Current.Request.Headers["Authorization"];

        IPrincipal principal;
        if (TryGetPrincipal(authHeader, out principal))
        {
            HttpContext.Current.User = principal;
            return true;
        }
        return false;
    }

private static bool TryGetPrincipal(string authHeader, out IPrincipal principal)
    {
        var creds = ParseAuthHeader(authHeader);
        if (creds != null && TryGetPrincipal(creds, out principal))
            return true;

        principal = null;
        return false;
    }

That should be all that is required for custom authentication on WCF using basic authentication. 这应该是使用基本身份验证在WCF上进行自定义身份验证所需的全部内容。

WCF基本身份验证未在IIS上使用

问题描述

1 个解决方案

解决方案1
0 已采纳 2016-07-20 08:03:00

WCF基本身份验证未在IIS上使用

问题描述

1 个解决方案

解决方案1 0 已采纳 2016-07-20 08:03:00

解决方案1
0 已采纳 2016-07-20 08:03:00