stackoom
  简体   繁体   中英

Revalidate Credentials on WCF UserNamePasswordValidator on each call

 原文  2019-06-05 16:20:20       c#/ wcf/ authentication

Question

I am using a custom Username/Password Validator on WCF over NetTcp, to authenticate clients connecting to my WCF Service. What I noticed, is that once a client gets authenticated, never gets validated again, meaning that if I want to revoke access from a client, I would need to manually force him to disconnect.

My serviceHost configuration looks like this: 

_serviceHost.Description.Behaviors.Add(credentialsBehavior);
_serviceHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
_serviceHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = _userValidator;
_serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
_serviceHost.Credentials.ServiceCertificate.SetCertificate(AppSettingsManager.I.CertificateStoreLocation, AppSettingsManager.I.CertificateStoreName, AppSettingsManager.I.CertificateFindBy, AppSettingsManager.I.CertificateFindValue);

and my clients connect using ChannelFactory: 

var client = new DuplexChannelFactory<T>(new InstanceContext(this), binding, endpointAddress);
client.Credentials.UserName.UserName = ConnectionProperties.Authentication.Credentials.Username;
client.Credentials.UserName.Password = ConnectionProperties.Authentication.Credentials.Password;
client.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = AppSettingsManager.I.CertificateValidationMode;

client.CreateChannel();

Is there a way to have the client credentials validated on every call, or periodically?

1 answers

solution1
 0  2019-06-06 08:30:41

Generally speaking, after invocation, the server will automatically close the connection, it depends on the following parameter of the binding.
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/configuring-timeout-values-on-a-binding
Of course, we can also close it manually on the client. 

client.Close()

In addition, I could not get your point. the session is continual, and you have set up the credential in the code snippets before calling the service. What do you mean that Never Gets Validate again?
In my opinion, if you want to revoke access from a client, you could change the validation logic on the server side.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question WCF UserNamePasswordValidator - Access credentials after validation WCF wsDualHttpBinding and UserNamePasswordValidator wcf UserNamePasswordValidator class and client certificate Is there an WCF extension point that is called before UserNamePasswordValidator? WCF Authentication using basicHttpBinding and custom UserNamePasswordValidator? WCF self hosted HTTPS with custom UserNamePasswordValidator WCF service is instansiating on each call WCF ServiceHost crashes when UserNamePasswordValidator takes too long to process How to inject dependencies into a custom UserNamePasswordValidator in WCF using Ninject? How to use membershipProvider or usernamePasswordvalidator to create a user through WCF service
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM