[英]How to authenticate client while consuming the WCF web service?
I want to authenticate a client while consuming a Web service. 我想在使用Web服务时对客户端进行身份验证。 I see a property exposed in the Client called ClientCredential in which we can pass username and password.
我看到客户端公开了一个名为ClientCredential的属性,我们可以在其中传递用户名和密码。 How can I pass this information to my WCF web service and how can i authenticate the user ID and password?
如何将这些信息传递给WCF Web服务,以及如何验证用户ID和密码?
If you want to use the ClientCredential with Username / Password, you need to configure that in the client side app.config like this - either use transport or message security, whichever works for you, and then specify 如果要使用带有用户名/密码的ClientCredential,则需要像这样在客户端app.config中进行配置-使用传输安全性或邮件安全性,以适合您的方式使用,然后指定
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="UserNameSecurity">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>
and then you need to use this binding configuration "UserNameSecurity" in your endpoint on the client: 然后您需要在客户端的端点上使用此绑定配置“ UserNameSecurity”:
<client>
<endpoint address="http://localhost:8888/MyService"
binding="basicHttpBinding" bindingConfiguration="UserNameSecurity"
contract="IMyService" />
On the server side, you need to define how to authenticate the user - either using Windows (Active Directory Domain), or using the ASP.NET membership providers (and their associated user database): 在服务器端,您需要定义如何对用户进行身份验证-使用Windows(Active Directory域)或使用ASP.NET成员资格提供程序(及其关联的用户数据库):
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="Default">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
In this case, your username/password will be checked against the ASP.NET membership database. 在这种情况下,将根据ASP.NET成员资格数据库检查您的用户名/密码。
If this is all on an intranet, internally in a company, I would however rather use the integrated Windows security all around - it's much easier to setup and use, and more reliable and secure. 如果所有这些都在公司内部的Intranet上,那么我宁愿使用集成的Windows安全性-它更容易设置和使用,并且更加可靠和安全。 But it only works inside the company, inside the corporate firewalls.
但是它仅在公司内部,公司防火墙内部起作用。
Marc 渣
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.