【发布时间】:2011-10-23 20:36:44
【问题描述】:
是否需要创建服务证书才能使用自定义用户名和密码验证?我想使用自定义用户名和密码验证我的 WCF 服务。
我的服务web.config如下:
<system.serviceModel>
<bindings>
<wsHttpBinding>`enter code here`
<binding name="NewBinding0">
<security mode="Message">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WcfTest.Service1Behavior" name="WcfTest.TestService">
<endpoint address="" binding="wsHttpBinding" contract="WcfTest.ITestService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="NewBehavior" />
</endpointBehaviors>
<serviceBehaviors>
<behavior name="WcfTest.Service1Behavior">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<!-- Use our own custom validation -->
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="MyValidator,WcfTest"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
而客户端 Web.config 是:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ITestService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00"
sendTimeout="00:01:00" bypassProxyOnLocal="false"
transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8"
useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192"
maxArrayLength="16384" maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName"
negotiateServiceCredential="true"
algorithmSuite="Default"
establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:2374/Service1.svc" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_ITestService"
contract="ServiceReference1.ITestService"
name="WSHttpBinding_ITestService">
<identity>
<userPrincipalName value="NYSA31\abc" />
</identity>
</endpoint>
</client>
</system.serviceModel>
但我在访问服务时遇到以下错误。
【问题讨论】:
-
您的服务和客户端之间的安全设置不匹配。您的服务正在指定消息安全性,传输设置为 Basic ClientCredentialType,消息设置为 UserName ClientCredentialType,并且您的客户端使用消息安全性,传输设置为 Windows ClientCredentialType。不确定这是否是问题所在,但您可能需要调查该区域。
-
@Tim:感谢您的回复。当我在默认情况下引用服务时,身份验证设置为 windows,尽管我在我的服务中使用用户名作为身份验证类型。我已经对我的客户端 web.config 进行了更正,但仍然出现同样的问题。
-
因为模式设置为
Message,所以Transport的ClientCreadentialType配置什么并不重要。 -
@Ladislav Mrnka - 我想知道,但没有机会研究答案。将模式设置为
Message是否实质上会使Transport元素无用?
标签: wcf wcf-security