C# 在自托管wcf服务中从未调用验证?
我是这样称呼我的服务的:C# 在自托管wcf服务中从未调用验证?,c#,wcf,wcf-security,C#,Wcf,Wcf Security,我是这样称呼我的服务的: private void button1_Click(object sender, RoutedEventArgs e) { TestServiceClient client = new TestServiceClient("WSHttpBinding_ITestService"); client.ClientCredentials.UserName.UserName = "wrong"; client.Clien
private void button1_Click(object sender, RoutedEventArgs e)
{
TestServiceClient client = new
TestServiceClient("WSHttpBinding_ITestService");
client.ClientCredentials.UserName.UserName = "wrong";
client.ClientCredentials.UserName.Password = "password";
try
{
client.Open();
client.GetColors(); //should not validate, but it is.
client.Close();
}
catch (Exception ex)
{
}
}
public class CustomUserNameValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if ((userName != "right") || (password != "password"))
{
throw new SecurityTokenException("Validation Failed!");
}
}
public CustomUserNameValidator()
{
}
}
我是这样覆盖验证的:
private void button1_Click(object sender, RoutedEventArgs e)
{
TestServiceClient client = new
TestServiceClient("WSHttpBinding_ITestService");
client.ClientCredentials.UserName.UserName = "wrong";
client.ClientCredentials.UserName.Password = "password";
try
{
client.Open();
client.GetColors(); //should not validate, but it is.
client.Close();
}
catch (Exception ex)
{
}
}
public class CustomUserNameValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if ((userName != "right") || (password != "password"))
{
throw new SecurityTokenException("Validation Failed!");
}
}
public CustomUserNameValidator()
{
}
}
CustomUserNameValidator位于我的Test.dll中,因此在我的web.configs servicebehaviers部分中,我定义了以下内容:
<behavior name="CustomValidator">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="Test.CustomUserNameValidator, Test"/>
<serviceCertificate findValue="Test" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
</serviceCredentials>
<serviceMetadata httpGetEnabled="True"/>
</behavior>
当我运行客户机时,即使我给了它错误的凭据,它也能很好地执行服务。验证甚至没有被调用。调用Validate的唯一方法是,如果我将它放在操作GetColors中,那么我必须将它放在每个操作中
我将我的用户存储在一个带有用户名和加密密码的表中,那么自定义用户名/密码验证器是一种方法,还是应该采用不同的方法
如果自定义用户名验证不是自托管的,而是在IIS中托管的,那么它可以工作吗?一个小的输入错误就会造成错误,并且我们丢失了从绑定到行为的链接。自定义用户名验证可以工作于自托管。你能发布绑定配置吗?@Pedro,我真的让它工作了。我相信这是一个绑定配置。一个小的输入错误就会搞错,而且我们错过了从绑定到行为的链接。自定义用户名验证可以与自托管一起工作。你能发布绑定配置吗?@Pedro,我真的让它工作了。我相信这是一个绑定配置。