【发布时间】:2011-04-03 17:56:50
【问题描述】:
我想根据自定义成员资格和角色提供者对 WCF 服务的用户进行身份验证,但我不想使用证书来保护之间的流量。
是否可以使用 basicHttpBinding,在没有证书的情况下传递自定义凭据?
我问是因为我有一个 WCF 服务,其中所有成员资格提供程序管道等都通过配置连接并托管在 IIS 下,但用户详细信息没有传递到 IIS。
我有一个网络安全的 WAN,所以我不担心消息加密。
ASP.Net 兼容性已开启,配置如下。都是.Net 4.0;
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<membership defaultProvider="DemoMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="DemoMembershipProvider" type="DemoMembershipProvider" connectionStringName="SqlConn" applicationName="TestProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Clear" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="DemoRoleProvider" >
<providers>
<clear/>
<add name="DemoRoleProvider" connectionStringName="blah" applicationName="TestProvider" type="DemoRoleProvider" />
</providers>
</roleManager>
<customErrors mode="Off" />
</system.web>
<system.serviceModel>
<services>
<service name="DataService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BindingConfiguration" contract="IDataService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="BindingConfiguration">
<security mode="None">
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="DemoMembershipProvider" />
</serviceCredentials>
<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="DemoRoleProvider" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
客户端代码是;
Console.WriteLine("Calling with valid credentials");
using (var y = new DataServiceRef.DataServiceClient())
{
y.ClientCredentials.UserName.UserName = "ryan";
y.ClientCredentials.UserName.Password = "password";
Console.WriteLine("Result: {0}", y.GetData("blah"));
}
【问题讨论】:
标签: c# wcf wcf-security