C# 使用SoapUI测试具有基本身份验证的WCF
我不熟悉web服务。我想用用户名和密码身份验证编写一个简单的WCF。使用SoapUI进行测试时,如果安全模式设置为“无”(无基本身份验证),则可以成功调用它。一旦安全模式设置为message(具有基本身份验证),它将无法返回正确的结果。使用C#client可以成功调用这两个函数。 我对StackOverflow应用了许多建议,但仍然无法得到正确的结果C# 使用SoapUI测试具有基本身份验证的WCF,c#,wcf,authentication,soapui,C#,Wcf,Authentication,Soapui,我不熟悉web服务。我想用用户名和密码身份验证编写一个简单的WCF。使用SoapUI进行测试时,如果安全模式设置为“无”(无基本身份验证),则可以成功调用它。一旦安全模式设置为message(具有基本身份验证),它将无法返回正确的结果。使用C#client可以成功调用这两个函数。 我对StackOverflow应用了许多建议,但仍然无法得到正确的结果 在SoapUI的“Wss密码类型”部分的“请求属性”中 只需选择“PasswordText”选项 negotiateServiceCredent
- 在SoapUI的“Wss密码类型”部分的“请求属性”中 只需选择“PasswordText”选项
- negotiateServiceCredential=“true”
- 选中标记“将默认WSA添加到”
- 在http设置中,选中“添加传出结果的身份验证信息”
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
</s:Header>
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="zh-HK">An error occurred when verifying security for the message.</s:Text>
</s:Reason>
</s:Fault>
</s:Body>
</s:Envelope>
http://www.w3.org/2005/08/addressing/soap/fault
s:发件人
a:无效安全
验证邮件的安全性时出错。
SoapUI日志:
调试:尝试1执行请求
调试:发送请求:POST/servicehollo.svc HTTP/1.1
调试:接收响应:HTTP/1.1500内部服务器错误
调试:连接可以无限期保持活动状态
信息:获取了3ms(576字节)内[WSHttpBinding_IServiceHello.HelloWorld:Request 1]的响应
安全模式的结果=无
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://tempuri.org/IServiceHello/HelloWorldResponse</a:Action>
</s:Header>
<s:Body>
<HelloWorldResponse xmlns="http://tempuri.org/">
<HelloWorldResult>Hello World</HelloWorldResult>
</HelloWorldResponse>
</s:Body>
</s:Envelope>
http://tempuri.org/IServiceHello/HelloWorldResponse
你好,世界
这是web.config
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<services>
<service name="WCFTest.ServiceHello"
behaviorConfiguration="WCFTest_Behavior">
<endpoint
address=""
binding="wsHttpBinding"
contract="WCFTest.IServiceHello"
bindingConfiguration="WCFTest_Config">
</endpoint>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="WCFTest_Config">
<security mode="None">
<!—The only difference between two web service is the security mode, which is set to message in the authentication version -->
<message clientCredentialType="UserName" negotiateServiceCredential="false"
establishSecurityContext="false" algorithmSuite="Default"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="WCFTest_Behavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="None"/>
</clientCertificate>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFTest.App_Code.Authentication.CustomValidator,App_Code/Authentication"/>
<serviceCertificate
findValue="myCertificate"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
查看应用程序的配置,我假设: a) 您的WCF服务使用.NET Framework 4.5或更高版本。 b) 该服务托管在IIS中,并启用了SSL安全性。 c) 您想使用WsHttpBinding。 d) 身份验证是定制的 因此,我向各位提出以下建议: IIS出版物: a) SSL安全性:启用需要SSL和客户端证书将其设置为忽略。这是您在Web.config中配置它的方式:
<clientCertificate>
<authentication certificateValidationMode = "None" />
</ clientCertificate>
<wsHttpBinding>
<binding name = "WCFTest_Config">
<security mode = "TransportWithMessageCredential">
<transport clientCredentialType = "None" proxyCredentialType = "None" realm = "" />
<message clientCredentialType = "UserName" />
</security>
</binding>
</wsHttpBinding>
b) 身份验证:启用“匿名身份验证”并禁用其他身份验证
Web.config:
<clientCertificate>
<authentication certificateValidationMode = "None" />
</ clientCertificate>
<wsHttpBinding>
<binding name = "WCFTest_Config">
<security mode = "TransportWithMessageCredential">
<transport clientCredentialType = "None" proxyCredentialType = "None" realm = "" />
<message clientCredentialType = "UserName" />
</security>
</binding>
</wsHttpBinding>
而且
<protocolMapping>
<add binding = "wsHttpBinding" scheme = "https" />
</protocolMapping>
试试看,祝你好运