如何在 WCF 服务的所有后续 HTTP 请求标头中获得身份验证 cookies?
[英]How do I get Authentication cookies in all subsequent HTTP Request headers to a WCF service?
问题描述
I am having troubles getting authentication cookies placed into the HTTP Request Headers of a client Windows Service consuming a WCF Service hosted in IIS that is using 'Sessions'. 
I am having troubles getting authentication cookies placed into the HTTP Request Headers of a client Windows Service consuming a WCF Service hosted in IIS that is using 'Sessions'. The client app uses Forms Authentication to gain access to the WCF Service.客户端应用程序使用 Forms 身份验证来访问 WCF 服务。 After a successful Authentication, I capture the HTTP Response header contains a Set-Cookie for.ASPXAUTH and a Set-Cookie for ASP.NET_SessionId.成功验证后,我捕获 HTTP 响应 header 包含一个用于 .ASPXAUTH 的 Set-Cookie 和一个用于 ASP.NET_SessionId 的 Set-Cookie。 I add these cookies to the HTTP Request header for all subsequent requests to the WCF Service.我将这些 cookies 添加到 HTTP 请求 header 以获取对 ZFB608636129CB256B7FE91E 的所有后续请求。 Using the Fiddler debugging tool I can see that for every request to the WCF service, two HTTP Requests are sent.使用 Fiddler 调试工具我可以看到,对于 WCF 服务的每个请求,都会发送两个 HTTP 请求。 The first HTTP Request header does not contain the cookies but the second HTTP Request does.第一个 HTTP 请求 header 不包含 cookies 但第二个 Z293C9EA246FF998789DC6F62A6086 请求包含。 When I secure the service by setting the Authorization section of the web.config to 'deny users=”?”', the first HTTP Request without the cookies in the header forces a 'Redirect' back to login preventing access to the service. When I secure the service by setting the Authorization section of the web.config to 'deny users=”?”', the first HTTP Request without the cookies in the header forces a 'Redirect' back to login preventing access to the service. The first request I believe to be related to the use of 'Sessions'.我认为第一个请求与“会话”的使用有关。 When I disable 'Sessions' in my WCF Service, I get only one HTTP Request per WCF call and the cookies are in the header. When I disable 'Sessions' in my WCF Service, I get only one HTTP Request per WCF call and the cookies are in the header. How do I get the cookies returned from Authentication in all of the HTTP Request headers sent to my WCF Service?如何在发送到我的 WCF 服务的所有 HTTP 请求标头中获取从身份验证返回的 cookies? Any help with this issue would be very much appreciated.对此问题的任何帮助将不胜感激。
I have included my bindings from the client.我已经包含了来自客户端的绑定。
<customBinding>
<binding name="CustomBinding_IMySyncService" receiveTimeout="00:01:00"
sendTimeout="00:01:00">
<reliableSession acknowledgementInterval="00:00:30"
inactivityTimeout="00:03:00"
maxTransferWindowSize="4096" />
<binaryMessageEncoding maxReadPoolSize="2147483647" maxWritePoolSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binaryMessageEncoding>
<httpsTransport manualAddressing="false" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647" allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous"
realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true" />
</binding>
<binding name="CustomBinding_AuthenticationService">
<binaryMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</binaryMessageEncoding>
<httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true" />
</binding>
</customBinding>
1 个解决方案
解决方案1
1 2011-06-10 07:36:47
I guess by session you mean reliable session allowed in your binding.我猜 session 你的意思是在你的绑定中允许可靠的 session 。 Reliable session sends infrastructure messages which are out of your control.可靠的 session 发送您无法控制的基础设施消息。 The modifying that behavior with demand some modification on very low level of WCF channel stack.修改该行为需要对非常低级别的 WCF 通道堆栈进行一些修改。
If you want to use ASP.NET session handled by cookies you have to use ASP.NET compatibility mode.如果要使用 cookies 处理的 ASP.NET session 必须使用 Z9E0DA8438E1E38A1DDZCE 兼容模式。 Even with ASP.NET compatibility WCF doesn't suppose that authentication will be handled by cookies - the correct way is authenticating each request.即使与 ASP.NET 兼容性 WCF 不认为身份验证将由 cookies 处理 - 正确的方法是验证每个请求。 WCF also by default doesn't use cookies at all. WCF 默认也不使用 cookies。
ASP.NET compatibility mode is supposed to be used with plain web services - as backward compatibility with old ASMX web services. ASP.NET 兼容模式应该与普通的 web 服务一起使用 - 作为与旧 ASMX web 服务的向后兼容性。 So it doesn't have to work with more advanced protocols like WS-Reliable Session.因此它不必使用更高级的协议,如 WS-Reliable Session。 Use either reliable session or ASP.NET compatibility - not both.使用可靠的 session 或 ASP.NET 兼容性 - 不能同时使用两者。
Once you are using reliable session you already have WCF session (the single service instance handles all request from the same client proxy instance) so you don't need ASP.NET session. Once you are using reliable session you already have WCF session (the single service instance handles all request from the same client proxy instance) so you don't need ASP.NET session. If you use built-in WCF security pipeline authentication credentials should be send by the proxy automatically within each message.如果您使用内置 WCF 安全管道身份验证凭据,则应由代理在每条消息中自动发送。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.