stackoom
  简体   繁体   中英

Pass in username and password in an xml request to wcf service for authentication?

 原文  2011-05-12 19:47:02       xml/ wcf

Question

I have a wcf service in which the user will need to be authenticated before they can make a service call. There will be no website where the user is validated through login or a windows/console app where the user is validated. I was thinking of doing something like this:

Pass in a request: 

<GetCars>
    <Credentials username="test" password="test" />
</GetCars>

If the username and password are successful, return the successful response for GetCars else fail.

The problem is that I don't know how to pass in a request to a wcf service like the above and then read the username and password attributes to validate it.

1 answers

solution1
 6 ACCPTED  2011-05-12 19:55:34

I will shortly try to describe the method I use in my own WCF Service for authentication. There is built-in authentication handling with WCF SOAP endpoints using WS-Security specification (ie, wsHttpBinding , as you are using). You can implement using settings in web.config like this: 

<bindings>
  <wsHttpBinding>
    <binding name="myBindingName">
      <security mode="Message">
        <transport clientCredentialType="None" />
        <message clientCredentialType="UserName" />
      </security>

Then you can specify a custom type to handle authentication logic: 

<behaviors>
  <serviceBehaviors>
    <behavior name="myBehaviorName">
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="NameSpaceName.Class,AssemblyName" />
      </serviceCredentials>

This class that handles authentication logic should extend UserNamePasswordValidator (will need to reference System.IdentityModel.dll and import System.IdentityModel.Selectors for this) and override Validate : 

public class MyValidator : UserNamePasswordValidator {
    public override void Validate(string userName, string password) {
        // check password. if success, do nothing
        // if fail, throw a FaultException
    }
}

Calling this code using an ASP.Net WCF client needs to use ClientCredential to pass the username and password, like this: 

// This pattern needs to be repeated and username / password set with every creation
// of a client object.  This can be refactored to a separate method to simplify.
MyAPIClient client = new MyAPIClient();

// yes UserName is there twice on purpose, that's the proper structure
client.ClientCredentials.UserName.UserName = theUsername;
client.ClientCredentials.UserName.Password = thePassword;

try {
    client.Open();
    client.DoSomething();
    client.Close();
} catch (Exception ex) {
    // handle exception, which should contain a FaultException;
    // could be failed login, or problem in DoSomething
}

Obviously the binding and behavior defined above have to be assigned to the service itself using the behaviorConfiguration and bindingConfiguration properties.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Android XML web service username and password validation Send xml with a post request to wcf service on iis How to desalinize an xml and pass it through wcf service in c# How pass XML from PHP to the Soap WCF service? How to create a WCF Service with no structure (XML request and response) 400 bad request sending xml payload to WCF REST service WCF Service returning XML Access wcf service with clientCredentialType=“UserName” using soapui WCF service unable to deserialize XML request due to namespace attribute being on root XML node How do I get the XML SOAP request of an WCF Web service request?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM