【发布时间】:2014-10-14 09:22:51
【问题描述】:
我有一个 WCF 服务应用程序,我只想通过更改配置来启用或禁用安全性。
我创建了两个basicHttpBinding 元素,一个具有安全性,一个没有安全性。根据我应用的绑定,我启用或禁用服务的安全性。
这是我的配置:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="HostedBasicHttpBinding">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
<binding name="SecuredBasicHttpBinding">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="SecuredService.CustomerService" behaviorConfiguration="DefaultBehavior">
<endpoint address="" binding="basicHttpBinding" contract="SecuredService.ICustomerService" bindingConfiguration="HostedBasicHttpBinding"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="DefaultBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
<behavior name="SecuredServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="SecuredService.CustomerClientValidator, SecuredService"/>
</serviceCredentials>
<serviceAuthorization serviceAuthorizationManagerType="SecuredService.CrmServiceAuthorizationManager, SecuredService" principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="SecuredService.AuthorizationPolicy, SecuredService"/>
</authorizationPolicies>
</serviceAuthorization>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpBinding" scheme="http" bindingConfiguration="HostedBasicHttpBinding" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
在这里,当我应用绑定HostedBasicHttpBinding 和行为DefaultBehavior 时,我希望我的服务没有启用任何身份验证或授权。当我应用 SecuredBasicHttpBinding 和 SecuredServiceBehavior 时,我希望我的服务应用所有配置的安全性(身份验证和授权)。
现在的问题是,即使我申请了HostedBasicHttpBinding 和DefaultBehavior,授权似乎也会启动并引发诸如“访问被拒绝”之类的错误。
这里是PrinciplePermission的服务代码:
[PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
public void UploadEmployees(CustomerRequest request)
{
ProcessEmployees(request.PacketId, request.Employees);
}
当我在没有安全性的情况下应用配置绑定时,如何禁用授权。我的要求是仅通过配置启用或禁用,而不是触摸代码。
【问题讨论】:
标签: c# web-services wcf security