堆栈内存溢出
  简体   繁体   English

在IIS中的同一VD中为相同的WCF服务实施用户名密码和客户端证书身份验证

[英]Implement username password and client certificate authentication for same WCF service in same VD in IIS

 原文  2011-10-17 15:55:53       wcf/ wcf-binding/ wcf-security

问题描述

I have a WCF service that is exposed. 我有一个暴露的WCF服务。 In terms of security i need to authenticate it with both client certificates and username password. 在安全性方面,我需要使用客户端证书和用户名密码对其进行身份验证。

Few clients are to be authenticated using client certificates and the others using username password. 很少有客户端使用客户端证书进行身份验证,其他客户端使用用户名密码。

When i configure the service to use client certificates the IIS --> SSL settings needs to be configured for SSL Require. 当我将服务配置为使用客户端证书时,需要为SSL要求配置IIS - > SSL设置。 Doing so the other clients who do not have a client certificate cannot access the service. 这样做,没有客户端证书的其他客户端无法访问该服务。

How do i go around on this problem? 我该如何解决这个问题?

2 个解决方案

解决方案1
 1  2011-10-18 09:08:19

It is not possible when hosting the service in IIS. 在IIS中托管服务时是不可能的。 The SSL configuration with required client certificate has scope for whole virtual directory / application where it is configured and everything hosted in that directory. 具有所需客户端证书的SSL配置具有整个虚拟目录/应用程序的范围,在该虚拟目录/应用程序中配置它以及在该目 So you must host the service twice each time in different virtual directory or web application with different configuration. 因此,您必须每次在具有不同配置的不同虚拟目录或Web应用程序中托管服务两次。

Alternatively you can self host the service in windows service and specify separate configuration for each endpoint. 或者,您可以在Windows服务中自托管服务,并为每个端点指定单独的配置。

解决方案2
 1 已采纳  2011-10-18 09:30:04

I think i did find a solution to the above problem. 我想我确实找到了上述问题的解决方案。

You just need to have the services in different folders under the virtual directory. 您只需要将服务放在虚拟目录下的不同文件夹中。

Once you have the services as above in IIS just select the folder that does client certificate authentication and set the folders SSL Settings. 在IIS中获得上述服务后,只需选择执行客户端证书身份验证的文件夹,然后设置文件夹SSL Settings。

NOTE: In IIS you can set the settings for each folder using web.config or in the IIS features view for each folder. 注意:在IIS中,您可以使用web.config或每个文件夹的IIS功能视图设置每个文件夹的设置。

That way you can achieve multiple authentications. 这样您就可以实现多种身份验证。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 WCF:同时使用流和用户名/密码身份验证 - WCF: Using Streaming and Username/Password authentication at the same time WCF客户端使用证书和用户名/密码凭据? - WCF Client Using Certificate and Username/Password credentials? 客户端在WCF中是否需要用于用户名身份验证的证书 - Does the client need a certificate for username authentication in WCF 来自同一主机上的 Invoke-WebRequest 的 WCF 客户端证书身份验证 - WCF client certificate authentication from Invoke-WebRequest on the same host WCF 服务中的自定义客户端证书和用户名验证 - Custom client certificate and username validation in WCF service 具有SSL和用户名和密码身份验证的自主WCF服务 - Selfhosted WCF Service with SSL and Username and Password authentication 具有自定义用户名密码身份验证问题的WCF服务 - WCF Service with custom username password authentication problem Android WCF服务用户名密码身份验证 - Android WCF Service Username Password Authentication WCF 下的 SOAP web 服务的同时客户端证书和用户名身份验证 - Simultaneous client-certificate and username authentication of a SOAP web service under WCF Tomcat应用程序到具有客户端证书身份验证的WCF服务 - Tomcat Application to WCF Service with Client Certificate Authentication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM