WCF 中未调用自定义用户/密码验证

【问题标题】:Custom user / password validation not called in WCFWCF 中未调用自定义用户/密码验证
【发布时间】:2020-10-16 19:16:19
【问题描述】:

我正在开发 WCF 网络服务。我添加了自定义用户/密码验证,但我的方法没有被调用。

我在 App_Code 中创建了一个新类:

public class Connexion : System.IdentityModel.Selectors.UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        string Result = CsGeneral.Instance.RequeteScalar<string>(string.Format("select IdUser from usr.User where IdUser = '{0}' and Password = '{1}'", userName.Replace("'", "''"), CsGeneral.Instance.Crypt(password)));
        if (string.IsNullOrWhiteSpace(Result)) throw new FaultException("Login et/ou mot de passe invalide");
    }
}

我改变了我的 web.config 来调用这个方法:

<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="SSL_WcfBijoux" bypassProxyOnLocal="true" maxBufferPoolSize="524288000"
      maxReceivedMessageSize="655360000">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="BhvBijoux" name="Bijoux">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="SSL_WcfBijoux" contract="IBijoux" />
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="false" />
    </behavior>
    <behavior name="BhvBijoux">
      <serviceDebug httpHelpPageEnabled="true" includeExceptionDetailInFaults="true" />
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom"
          customUserNamePasswordValidatorType="WsLogebi.Connexion, App_Code" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>
<protocolMapping>
    <add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>    
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

我在 Validate 方法中添加了一个断点,但我可以通过我的 https URL 调用我的 webservice 方法,而无需传递此方法...

我做错了什么?

提前谢谢你!!!!

【问题讨论】:

    标签: c# web-services wcf authentication


    【解决方案1】:

    首先,您必须检查客户端使用的绑定。在您的配置文件中,我看到两个绑定,一个是 wsHttpBinding,另一个是 basicHttpsBinding。如果客户端使用basicHttpsBinding,自定义认证是没用的。我建议你可以在测试前删除protocolMapping。 这是我的演示:

    <system.serviceModel>
    <services>
      <service name="Microsoft.Samples.UserNamePasswordValidator.CalculatorService" behaviorConfiguration="CalculatorServiceBehavior">
        <host>
          <baseAddresses>
            <!-- configure base address for host -->
            <add baseAddress="http://localhost:8001/servicemodelsamples/service"/>
          </baseAddresses>
        </host>
        <!-- use base address provided by host, provide one endpoint -->
        <endpoint address="username" binding="wsHttpBinding" bindingConfiguration="Binding1" contract="Microsoft.Samples.UserNamePasswordValidator.ICalculator"/>
      </service>
    </services>

    <bindings>
      <wsHttpBinding>
        <!-- Username binding -->
        <binding name="Binding1">
          <security mode="Message">
              <message clientCredentialType="UserName"/>
          </security>
        </binding>        
      </wsHttpBinding>
    </bindings>

    <behaviors>
      <serviceBehaviors>
        <behavior name="CalculatorServiceBehavior" includeExceptionDetailInFaults="True">
          <serviceCredentials>
            <!-- 
            The serviceCredentials behavior allows one to specify a custom validator for username/password combinations.                  
            -->
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Microsoft.Samples.UserNamePasswordValidator.CalculatorService+CustomUserNameValidator, service"/>
            <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
          
          </serviceCredentials>        
        </behavior>
      </serviceBehaviors>
    </behaviors>
    
  </system.serviceModel>

    这是配置文件,你也可以尝试将mode的值设置为message。

    public class CustomUserNameValidator : System.IdentityModel.Selectors.UserNamePasswordValidator
        {   
            public override void Validate(string userName, string password)
            {
                if (null == userName || null == password)
                {
                    throw new ArgumentNullException();
                }

                if (!(userName == "test1" && password == "1tset") && !(userName == "test2" && password == "2tset"))
                {
                    throw new FaultException("Unknown Username or Incorrect Password");
                }
            }
        }

    这是一个自定义验证类。

    【讨论】:

      【解决方案2】:

      感谢您的回答。

      终于,我找到了!

      它在我的服务声明中,我必须使用:

        <service name="WsLogebi.Bijoux" behaviorConfiguration="TreizOr_Behavior">
    <endpoint address=""
              binding="wsHttpBinding"
              bindingConfiguration="secureHttpBinding"
              contract="WsLogebi.IBijoux"/>
  </service>

      并且 customnamevalidator 不正确。我必须用命名空间写完整的类名,以及它所在的文件夹和文件。

      customUserNamePasswordValidatorType="WsLogebi.App_Code.Authentification.Connexion, App_Code/Connexion"

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 2021-06-30
        • 1970-01-01
        • 2011-10-23
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2012-11-13
        • 1970-01-01
        相关资源
        最近更新 更多
        热门标签
        Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode