具有SSL和用户名和密码身份验证的自主WCF服务
[英]Selfhosted WCF Service with SSL and Username and Password authentication
问题描述
我想从控制台应用程序发布WCF服务。 出于安全考虑,我想通过SSL进行通信,因此我创建了一个自签名证书。 对于身份验证,我编写了自己的UserNamePasswordValidator。 不幸的是,这不起作用
到目前为止这是我的代码:
服务器
public class Program
{
public static void Main()
{
var baseAddress = new Uri("https://localhost:8080/SelfHostedUsernamePasswordService");
using (var host = new ServiceHost(typeof(SelfHostedUsernamePasswordService), baseAddress))
{
var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
var endpoint = host.AddServiceEndpoint(typeof(ISelfHostedUsernamePasswordService), binding, baseAddress);
var cf = new ChannelFactory<ISelfHostedUsernamePasswordService>(binding, endpoint.Address);
cf.Credentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
"0000000000000000000000000000000000000000");
var metadataBehavior = new ServiceMetadataBehavior();
metadataBehavior.HttpsGetEnabled = true;
metadataBehavior.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;
host.Description.Behaviors.Add(metadataBehavior);
var credentialBehavior = new ServiceCredentials();
credentialBehavior.UserNameAuthentication.CustomUserNamePasswordValidator = new UsernamePasswordValidator();
credentialBehavior.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
host.Description.Behaviors.Add(credentialBehavior);
host.Open();
Console.WriteLine("The service is ready at {0}", baseAddress);
Console.WriteLine("Press <Enter> to stop the service.");
Console.ReadLine();
host.Close();
}
}
}
public class UsernamePasswordValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (!string.Equals(userName, "admin", StringComparison.OrdinalIgnoreCase) ||
!string.Equals(password, "password", StringComparison.Ordinal))
{
Console.WriteLine("Validation failed.");
throw new SecurityTokenException("Validation failed.");
}
Console.WriteLine("Validation successful.");
}
}
客户
class Program
{
static void Main()
{
using (var client = new SelfHostedUsernamePasswordServiceClient())
{
client.ClientCredentials.UserName.UserName = "admin";
client.ClientCredentials.UserName.Password = "password";
var result = client.GetData(12345);
Console.WriteLine("Result from service: {0}", result);
client.Close();
}
}
}
使用此代码,我得到一个MessageSecurityException(无法找到'System.IdentityModel.Tokens.UserNameSecurityToken'令牌类型的令牌验证器)。 但我想创建一个TokenAuthenticator,我走错了路......
顺便说一下,从不调用UsernamePasswordValidator。
1 个解决方案
解决方案1
4 已采纳 2014-03-12 12:08:28
好的,我知道了。
我必须将Transport CredentialType设置为'Certificate',将Message CredentialType设置为'UserName'。 在双方。
这是工作代码:
服务器
public class Program
{
public static void Main()
{
var baseAddress = new Uri("https://localhost:8080/SelfHostedUsernamePasswordService");
using (var host = new ServiceHost(typeof(SelfHostedUsernamePasswordService), baseAddress))
{
var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
var endpoint = host.AddServiceEndpoint(typeof(ISelfHostedUsernamePasswordService), binding, baseAddress);
var cf = new ChannelFactory<ISelfHostedUsernamePasswordService>(binding, endpoint.Address);
cf.Credentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
"0000000000000000000000000000000000000000");
var credentialBehavior = new ServiceCredentials();
credentialBehavior.UserNameAuthentication.CustomUserNamePasswordValidator = new UsernamePasswordValidator();
credentialBehavior.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
credentialBehavior.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = true;
host.Description.Behaviors.Add(credentialBehavior);
var metadataBehavior = new ServiceMetadataBehavior();
metadataBehavior.HttpsGetEnabled = true;
metadataBehavior.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;
host.Description.Behaviors.Add(metadataBehavior);
host.Open();
Console.WriteLine("The service is ready at {0}", baseAddress);
Console.WriteLine("Press <Enter> to stop the service.");
Console.ReadLine();
host.Close();
}
}
}
public class UsernamePasswordValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (!string.Equals(userName, "admin", StringComparison.OrdinalIgnoreCase) ||
!string.Equals(password, "password", StringComparison.Ordinal))
{
Console.WriteLine("Validation failed.");
throw new SecurityTokenException("Validation failed.");
}
Console.WriteLine("Validation successful.");
}
}
客户
class Program
{
static void Main()
{
var remoteAddress = new EndpointAddress(new Uri("https://localhost:8080/SelfHostedUsernamePasswordService"));
var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
using (var client = new SelfHostedUsernamePasswordServiceClient(binding, remoteAddress))
{
client.ClientCredentials.UserName.UserName = "admin";
client.ClientCredentials.UserName.Password = "password";
var result = client.GetData(12345);
Console.WriteLine("Got result from service: {0}", result);
Console.ReadLine();
client.Close();
}
}
}
DMZ防火墙后面的WCF服务的用户名和密码身份验证
[英]Username and password authentication for WCF service behind DMZ firewall
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.