[英]Setting up authentication for SSL protected WSIT / Metro web service and client
I'm kind of confused about setting up standard authentication for my SSL protected service. 我对为受SSL保护的服务设置标准身份验证感到困惑。 I have tried the HTTP header way , but that's non standard, and WS-I is important for me.
我已经尝试过HTTP标头方式 ,但这是非标准的,而WS-I对我来说很重要。 It is possible to set up the
Authentication Token
to be Username
on method level. 可以在方法级别将
Authentication Token
设置为Username
。 This is the resulted BindingPolicy
in the WSIT XML: 这是WSIT XML中的结果
BindingPolicy
:
<wsp:Policy wsu:Id="DataStoreWSPortBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsam:Addressing wsp:Optional="false"/>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:TransportBinding>
<sp:Wss10/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="DataStoreWSPortBinding_hello_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
SvcUtil warnings: SvcUtil警告:
<!-- WsdlImporter encountered unrecognized policy assertions in ServiceDescription 'http://webServices/': -->
<!-- <wsdl:binding name='DataStoreWSPortBinding'> -->
<!-- <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">..</sp:SupportingTokens> -->
I want to set credentials in the WCF client via ClientCredentials
and then authenticate on the service side via database. 我想通过
ClientCredentials
在WCF客户端中设置凭据,然后通过数据库在服务端进行身份验证。 What are the steps to achieve that? 有哪些步骤可以实现?
If you want to have standard way on transport level why don't you use HTTP Basic authentication? 如果要在传输级别上使用标准方式,为什么不使用HTTP Basic身份验证? That is the common standardized authentication mechanism for HTTP protocol and it works with web services as well.
这是HTTP协议的通用标准化身份验证机制,它也可以与Web服务一起使用。
The error you got is most probably because of SupportingTokens
assertion. 您收到的错误很可能是因为
SupportingTokens
断言。 Even it is correct assertion WCF doesn't support it. 即使是正确的断言,WCF也不支持它。 Try to use
SignedSupportingTokens
or SignedEncryptedSupportingTokens
. 尝试使用
SignedSupportingTokens
或SignedEncryptedSupportingTokens
。 If you are not able to modify your service to produce such WSDL you can even try to modify the WSDL you got manually. 如果您不能修改服务以产生这样的WSDL,您甚至可以尝试修改您手动获得的WSDL。
What you meant by WS-I? WS-I是什么意思? There are multiple WS-I standards and some of them don't expect policies at all - just plain SOAP services where headers are described in WSDL directly.
有多种WS-I标准,其中一些根本不期望使用策略-只是普通的SOAP服务,其中的标头直接在WSDL中描述。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.