WCF服務-自定義身份驗證不起作用

Question

我正在嘗試在Web服務上設置身份驗證，但是，在設置從UserNamePasswordValidator繼承的驗證類之后，該服務仍允許客戶端在沒有用戶名或密碼的情況下工作

網絡服務

Imports System.IdentityModel.Selectors

Public Class Authentication
    Inherits UserNamePasswordValidator

        Public Overrides Sub Validate(ByVal userName As String, ByVal password As String)
            If Nothing = userName OrElse Nothing = password Then
                Throw New ArgumentNullException()
            End If

            If Not (userName = "1" AndAlso password = "2") Then
                ' This throws an informative fault to the client.
                Throw New FaultException("Unknown Username or Incorrect Password")
                ' When you do not want to throw an infomative fault to the client,
                ' throw the following exception.
                ' Throw New SecurityTokenException("Unknown Username or Incorrect Password")
            End If

        End Sub

    End Class

Web.config

<?xml version="1.0"?>
<configuration>

  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <system.serviceModel>

    <bindings>
      <basicHttpBinding>
        <binding name="Binding1">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <services>
      <service name="Webservice.Service1" behaviorConfiguration="ServiceBehavior">
              <endpoint binding="basicHttpBinding" contract="Webservice.IService1"
              behaviorConfiguration="webHttp"/>
      </service> 
    </services>

    <behaviors>
      <serviceBehaviors>

        <behavior name="ServiceBehavior">
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Webservice.Authentication, Webservice" />
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>


        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>

      <endpointBehaviors>
        <behavior name="webHttp">
          <webHttp/>
        </behavior>
      </endpointBehaviors>

    </behaviors>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

</configuration>

客戶端

Dim client As Webservice.Service1Client = New Webservice.Service1Client()

'I was expecting this call to error as no username or password was produced

return client.getData(Data)

我有什么想念的嗎？

謝謝

Answer 1

您將需要更多配置才能使其正常運行。

但是要得到錯誤，您需要實際使用bindingConfiguration 。

因此，將端點配置更改為：

<services>
    <service name="Webservice.Service1" behaviorConfiguration="ServiceBehavior">
            <endpoint binding="basicHttpBinding" contract="Webservice.IService1"
            bindingConfiguration="Binding1"/>
    </service> 
</services>

然后，您將開始收到錯誤，希望它們將指導您創建正確的配置。