C# WCF服务上的自定义基本身份验证
一段时间以来,我一直在努力让自定义基本身份验证在WCF服务上工作,我在互联网上搜索,试图得到一个好答案,但运气不好 我尝试使用自定义用户名身份验证和自定义serviceAuthorizationManager 我遇到的是,我陷入了一个要求凭证的“循环”,而它似乎从未进入我的自定义身份验证。根据我的研究,这似乎是因为IIS正在劫持本地用户的身份验证和检查 在web配置中,我已使用基本身份验证启用了传输安全:C# WCF服务上的自定义基本身份验证,c#,wcf,authentication,C#,Wcf,Authentication,一段时间以来,我一直在努力让自定义基本身份验证在WCF服务上工作,我在互联网上搜索,试图得到一个好答案,但运气不好 我尝试使用自定义用户名身份验证和自定义serviceAuthorizationManager 我遇到的是,我陷入了一个要求凭证的“循环”,而它似乎从未进入我的自定义身份验证。根据我的研究,这似乎是因为IIS正在劫持本地用户的身份验证和检查 在web配置中,我已使用基本身份验证启用了传输安全: <webHttpBinding> <binding name="
<webHttpBinding>
<binding name="SecureBinding">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</webHttpBinding>
我想问题是,我怎样才能避免IIS是个混蛋
如果您需要更多详细信息,请告诉我,我很乐意与您分享任何问题的答案。您必须关闭web配置中的基本身份验证才能调用此类。基本身份验证在应用程序知道之前由IIS处理 for me ServiceAuthorizationManager仅在IIS中禁用基本身份验证后才处于活动状态。此外,还应排除transport clientCredentialType或“无”
<serviceBehaviors>
<behavior name="AuthenticatedWCF.CustomServiceBehavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceAuthorization serviceAuthorizationManagerType="AuthenticatedWCF.Classes.Helpers.AuthenticationManager, AuthenticatedWCF" />
<!--<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="AuthenticatedWCF.Classes.Helpers.AuthenticationManager, AuthenticatedWCF" />
</serviceCredentials>-->
</behavior>
</serviceBehaviors>
public class AuthenticationManager : ServiceAuthorizationManager
{
protected override bool CheckAccessCore(OperationContext operationContext)
{
//Extract the Authorization header, and parse out the credentials converting the Base64 string:
var authHeader = WebOperationContext.Current.IncomingRequest.Headers["Authorization"];
if ((authHeader != null) && (authHeader != string.Empty))
{
return true;
/*var svcCredentials = System.Text.ASCIIEncoding.ASCII
.GetString(Convert.FromBase64String(authHeader.Substring(6)))
.Split(':');
throw new Exception(authHeader);
var user = new { Name = svcCredentials[0], Password = svcCredentials[1] };
if ((user.Name == "user1" && user.Password == "test"))
{
//User is authrized and originating call will proceed
return true;
}
else
{
//not authorized
return false;
}*/
}
else
{
//No authorization header was provided, so challenge the client to provide before proceeding:
WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=AuthenticatedWCF");
//Throw an exception with the associated HTTP status code equivalent to HTTP status 401
//throw new WebFaultException("Please provide a username and password", HttpStatusCode.Unauthorized);
throw new WebFaultException(HttpStatusCode.Unauthorized);
//return false;
}
}
}