2013-04-29 171 views
0

我正在使用Message Security進行WCF身份驗證。而我的clientCredentialType =「用戶名」。WCF身份驗證不起作用

即使我在訪問服務時沒有提供有效的用戶名和密碼,它仍然正常工作。

它應該做的認證,如果憑據是正確的,那麼只有它應該允許在這裏access.`enter代碼 的代碼如下: WCF服務行爲部分:

<behaviors> 
     <serviceBehaviors> 
     <behavior name="AuthenticationBehaviour"> 
      <serviceCredentials> 
      <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WcfServiceAuthentication.Authenticator, WcfServiceAuthentication"/>    
      </serviceCredentials> 
      <!-- To avoid disclosing metadata information, set the values below to false before deployment --> 
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/> 
      <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
      <serviceDebug includeExceptionDetailInFaults="false"/> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 

WCF服務在Web.config中

<bindings> 
     <wsHttpBinding> 
      <binding name="Binding1"> 
      <security mode="Message"> 
       <message clientCredentialType="UserName" /> 
      </security> 
      </binding> 
     </wsHttpBinding> 
     </bindings> 

我驗證綁定節類

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.IdentityModel.Selectors; 
using System.ServiceModel; 
using log4net; 
using System.Reflection; 
namespace WcfServiceAuthentication 
{ 
    public class Authenticator : UserNamePasswordValidator 
    { 
     private static ILog _logger = log4net.LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); 
     public override void Validate(string userName, string password) 
     { 
      _logger.Info("Validate called with username:" + userName + " and password:" + password); 

      if (null == userName || null == password) 
      { 
       throw new ArgumentNullException(); 
      } 

      if (!(userName == "Admin" && password == "Admin123")) 
      { 
       // This throws an informative fault to the client. 
       throw new FaultException("Unknown Username or Incorrect Password"); 
      } 

      _logger.Info("End called"); 
     } 
    } 
} 

我的身份驗證服務

[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession, ConcurrencyMode = ConcurrencyMode.Single)] 
    public class AuthenticationService : IAuthenticationService 
    { 


     public int add(int num1, int num2) 
     { 
      return (num1 + num2); 
     } 
    } 
} 

和客戶端應用程序:

AuthenticationServiceClient proxy = new AuthenticationServiceClient(); 

      //proxy.ClientCredentials.UserName.UserName = "Admin"; 
      //proxy.ClientCredentials.UserName.Password = "Admin123"; 
      int addition= proxy.add(10, 10); 
      return View(); 

這裏即使我不提供憑證,添加方法是工作的罰款。它應該要求認證。

+0

如果您需要幫助,請顯示您的代碼。 – Tim 2013-04-29 05:14:11

回答

0

通過添加下面的標籤來啓用身份驗證服務來修改網絡配置。

<system.web.extensions> <scripting> 
<webServices> 
    <authenticationService enabled="true" 
    requireSSL = "true"/> 
</webServices> </scripting> </system.web.extensions> 

它應該被添加到web配置文件。示例如下

<system.web.extensions> 
    <scripting> 
    <webServices> 
     <authenticationService enabled="true" 
     requireSSL = "true"/> 
    </webServices> 
</scripting> 
</system.web.extensions> 
<system.serviceModel> 
    <services> 
     <service name="System.Web.ApplicationServices.AuthenticationService" 
     behaviorConfiguration="AuthenticationServiceTypeBehaviors"> 
      <endpoint contract= 
     "System.Web.ApplicationServices.AuthenticationService" 
      binding="basicHttpBinding" 
      bindingConfiguration="userHttps" 
      bindingNamespace="http://asp.net/ApplicationServices/v200"/> 
     </service> 
    </services> 
    <bindings> 
    <basicHttpBinding> 
     <binding name="userHttps"> 
      <security mode="Transport" /> 
     </binding> 
    </basicHttpBinding> 
    </bindings> 
    <behaviors> 
     <serviceBehaviors> 
      <behavior name="AuthenticationServiceTypeBehaviors"> 
      <serviceMetadata httpGetEnabled="true"/> 
    </behavior> 
</serviceBehaviors> 
    </behaviors> 
    <serviceHostingEnvironment 
     aspNetCompatibilityEnabled="true"/> 
    </system.serviceModel> 
+0

這應該加在哪裏?在客戶端配置或服務配置。我將它添加到wcf服務配置中。那麼它也不認證。 – 2013-04-29 05:35:05