在使用基於WCF構建的API時,確保只需要驗證一次的最佳方法是什麼?如何在WCF中使用客戶端憑據進行身份驗證?
我現在的綁定和行爲列舉如下
<bindings>
<wsHttpBinding>
<binding name="wsHttp">
<security mode="TransportWithMessageCredential">
<transport/>
<message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="true"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="NorthwindBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceAuthorization principalPermissionMode="UseAspNetRoles"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
接下來是我在用我的客戶端應用程序來驗證(目前我必須這樣做,每次我想打個電話到WCF)
Dim client As ProductServiceClient = New ProductServiceClient("wsHttpProductService")
client.ClientCredentials.UserName.UserName = "foo"
client.ClientCredentials.UserName.Password = "bar"
Dim ProductList As List(Of Product) = client.GetProducts()
我想要做的是使用這些憑證來驗證API,然後在客戶端應用程序使用Web服務項目的一段時間內獲取某種類型的令牌。我認爲establishsecuritycontext = true爲我做了這個?