WCF:如何以无效方法验证凭据?
[英]WCF: How to validate credentials in a void method?
问题描述
I want to use my Self Hosted WCF Service with Credentials, so I watched a few tutorials how to do it and I came to the solution to inherit from the "UserNamePasswordValidator" class and override the Validate method. 
我想将自己的WCF服务与凭据一起使用,因此我观看了一些教程,以了解如何做到这一点,并得出了从“ UserNamePasswordValidator”类继承并覆盖Validate方法的解决方案。 This class i can set in my App.config: 我可以在App.config中设置此类:
public class UNValidator : UserNamePasswordValidator
{
public UNValidator() : base()
{
}
public override void Validate(string userName, string password)
{
if (userName == "user" && password == "secret")
return;
throw new System.IdentityModel.Tokens.SecurityTokenException(
"Unknown Username or Password");
}
}
The Validate method is a void!? Validate方法无效! I use the WCF Service in my server application, when someone who wants to log in and makes a typo the server will crash. 我在服务器应用程序中使用WCF服务,当有人要登录并输入错误时,服务器将崩溃。 How I can decline a wrong User log in without throwing an exception? 如何拒绝错误的用户登录而不会引发异常?
Any help appreciated. 任何帮助表示赞赏。
3 个解决方案
解决方案1
0 2017-04-06 09:42:41
With my own experience building web portals, I do not use a custom UserNamePasswordValidator method to validate users but I create an application key/password and validate it instead. 以我自己构建Web门户的经验,我不使用自定义UserNamePasswordValidator方法来验证用户,而是创建应用程序密钥/密码并对其进行验证。
After that I have my own authentication service (in my case i'm authenticating AD users) and I thrown exceptions if the credentials don't match. 之后,我将拥有自己的身份验证服务(在本例中,我正在对AD用户进行身份验证),并且如果凭据不匹配,则会抛出异常。 With these scenario you have full control on your exceptions and you can handle them as you wish. 在这些情况下,您可以完全控制异常,并且可以根据需要处理它们。
If I were you I would do the following: 如果您是我,请执行以下操作:
- Create a pair app_key/app_secret and place them in front end/services web.config(assuming this is secure in the server), so you can use your custom password validator, this makes sure no other application is using your service layer. 创建一个对app_key / app_secret并将它们放置在前端/服务web.config中(假设这在服务器中是安全的),因此您可以使用自定义密码验证程序,以确保没有其他应用程序在使用您的服务层。
- Create a Web service for authentication only, where you validate your user, create tokens that will be passed to the session on front end. 创建仅用于身份验证的Web服务,在此您可以验证用户并创建将传递给前端会话的令牌。 Here you have full power to do what you want. 在这里,您完全有能力做自己想做的事情。
解决方案2
0 2017-04-06 11:54:42
I found the solution by try and error. 我通过尝试和错误找到了解决方案。
Its simpler as i thought, just abort the Thread: 如我所想,它更简单,只需中止线程:
public override void Validate(string userName, string password)
{
if (userName == "test" && password == "test")
return;
System.Threading.Thread.CurrentThread.Abort();
}
If the thread is aborted, the client gets an error "403: Unauthorized" and the server application keeps running. 如果线程异常终止,则客户端将显示错误“ 403:未经授权”,并且服务器应用程序将继续运行。
解决方案3
-1 2017-04-06 09:14:02
Use a try/catch block to handle the exception when calling the method. 调用方法时,请使用try / catch块来处理异常。
try
{
//Logging in.
var validator = new UNValidator();
validator.Validate(username, password);
//Anything written past this point means your login was successful.
}
catch
{
//Catch the exception here, which means invalid login.
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.