WCF数据服务身份验证

Question

- 是否可以通过使用基于证书的身份验证来保护WCF数据服务？

- 是否有描述此过程的资源？

- 我们可以将Message安全性与WCF数据服务一起使用吗？

Answer 1

你所有问题的答案都是“是”。 以下是Microsoft的模式和实践团队提供的非常有用的链接，可以完全满足您的需求。

http://msdn.microsoft.com/en-us/library/cc949005.aspx

Answer 2

基于证书的身份验证可以这样完成：

服务器端：

public class ODataService : DataService<Database>
    {
        public ODataService()
        {
            ProcessingPipeline.ProcessingRequest += ProcessingPipeline_ProcessingRequest;
        }

        void ProcessingPipeline_ProcessingRequest(object sender, DataServiceProcessingPipelineEventArgs e)
        {
            if (!HttpContext.Current.Request.ClientCertificate.IsPresent)
            {
                throw new DataServiceException(401, "401 Unauthorized");
            }

            var cert = new X509Certificate2(HttpContext.Current.Request.ClientCertificate.Certificate);
            if (!ValidateCertificate(cert))
            {
                throw new DataServiceException(401, "401 Unauthorized");
            }

            var identity = new GenericIdentity(cert.Subject, "ClientCertificate");
            var principal = new GenericPrincipal(identity, null);
            Thread.CurrentPrincipal = principal;
            HttpContext.Current.User = principal;
        }

        private bool ValidateCertificate(X509Certificate2 cert)
        {
            // do some validation
        }

客户端：

为数据库服务引用创建一个部分类（DataServiceContext）

public partial class Database
{
    // ref: http://social.msdn.microsoft.com/Forums/en-US/0aa2a875-fd59-4f3e-a459-9f604b374749/how-do-i-use-certificate-based-authentication-with-data-services-client?forum=adodotnetdataservices
    private X509Certificate clientCertificate = null;
    public X509Certificate ClientCertificate
    {
        get
        {
            return clientCertificate;
        }
        set
        {
            if (value == null)
            {
                // if the event has been hooked up before, we should remove it
                if (clientCertificate != null)
                {
                    SendingRequest -= OnSendingRequest_AddCertificate;
                }
            }
            else
            {
                // hook up the event if its being set to something non-null
                if (clientCertificate == null)
                {
                   SendingRequest += OnSendingRequest_AddCertificate;
                }
            }

            clientCertificate = value;
        }
    }

    private void OnSendingRequest_AddCertificate(object sender, SendingRequestEventArgs args)
    {
        if (null != ClientCertificate)
        {
            (args.Request as HttpWebRequest).ClientCertificates.Add(ClientCertificate);
        }
    }

像这样使用它

        Database db = new Database(new Uri(service));
        db.ClientCertificate = CertificateUtil.GetCertificateByThumbprint(StoreName.My,
                                                                          StoreLocation.LocalMachine,
                                                                          "<a thumbprint>");

存储在客户端计算机上的私钥，存储在本地计算机/受信任根CA中的服务器上的公钥

请记住在IIS中要求/协商此站点的客户端证书。

（在WCF数据服务5.2，VS 2012上测试）

WCF数据服务身份验证

问题描述

2 个解决方案

解决方案1
3 2011-04-05 22:43:02

解决方案2
2 2013-11-11 11:28:09

WCF数据服务身份验证

问题描述

2 个解决方案

解决方案1 3 2011-04-05 22:43:02

解决方案2 2 2013-11-11 11:28:09

解决方案1
3 2011-04-05 22:43:02

解决方案2
2 2013-11-11 11:28:09