[英]Custom WCF credential validator with basicHttpBinding, Transport security, and Basic client credential type
I have been reading the WCF configuration documentation and would like a confirmation on a limitation that I've encountered.我一直在阅读 WCF 配置文档,并希望确认我遇到的限制。
I have a client that expects the following binding configuration:我有一个需要以下绑定配置的客户端:
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
On the server side I have implemented a custom user name and password validator because we don't use Windows or domain accounts for clients.在服务器端,我实现了自定义用户名和密码验证器,因为我们不使用 Windows 或客户端的域帐户。 I followed this guide: https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-use-a-custom-user-name-and-password-validator , but they and other examples I've seen use wsHttpBinding or add message security.
我遵循了本指南: https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-use-a-custom-user-name-and-password-validator ,但是他们和我见过的其他示例使用 wsHttpBinding 或添加消息安全性。
The server endpoints and behaviors look something like this:服务器端点和行为如下所示:
<services>
<service name="MyWcfService.Service" behaviorConfiguration="MyBehavior">
<endpoint
address=""
binding="basicHttpBinding"
bindingConfiguration="secureHttpBinding"
contract="MyWcfService.IService"/>
<endpoint
address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceCredentials>
<userNameAuthentication
userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="MyValidator, MyWcfService"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
When hosting the service in IIS with basic authentication enabled the custom validator is not hit, IIS tries to validate the provided credentials against Windows accounts and fails with this message if the user account doesn't exist:在启用基本身份验证的 IIS 中托管服务时,未命中自定义验证器,IIS 尝试根据 Windows 帐户验证提供的凭据,如果用户帐户不存在,则失败并显示此消息:
The HTTP request is unauthorized with client authentication scheme 'Basic'.
HTTP 请求未经客户端身份验证方案“基本”授权。
So is it impossible to have a custom credential validator for a service hosted in IIS with basicHttpBinding, Transport security mode, and Basic transport client credential type?那么,对于托管在 IIS 中的具有 basicHttpBinding、传输安全模式和基本传输客户端凭据类型的服务,是否不可能拥有自定义凭据验证器? Is there no way to override the basic Windows authentication that IIS does?
有没有办法覆盖 IIS 所做的基本 Windows 身份验证?
We should use UserName
authentication instead of the Basic authentication, subsequently, we could have a custom credential validator for that service.我们应该使用
UserName
身份验证而不是 Basic 身份验证,随后,我们可以为该服务使用自定义凭据验证器。
<basicHttpBinding>
<binding name="mybinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>
<serviceCredentials>
<userNameAuthentication customUserNamePasswordValidatorType="WcfService3.CustUserNamePasswordVal,WcfService3" userNamePasswordValidationMode="Custom"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
For details,有关详细信息,
How to add user/pass authentication in WCF 如何在 WCF 中添加用户/通过身份验证
Feel free to let me know if there is anything I can help with.如果有什么我可以帮忙的,请随时告诉我。
So far it looks like it's not possible to use a custom credential validator with this binding configuration.到目前为止,似乎无法在此绑定配置中使用自定义凭据验证器。
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>
</binding>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.