在两个Web应用程序之间验证Web服务的C#问题
我正在一家公司开发一个运行在中心的网络应用程序。此Web应用程序需要调用作为第二个Web应用程序一部分的服务 在central Web应用程序中,我有这段代码在两个Web应用程序之间验证Web服务的C#问题,c#,.net,asp.net,asp.net-mvc,web-services,C#,.net,Asp.net,Asp.net Mvc,Web Services,我正在一家公司开发一个运行在中心的网络应用程序。此Web应用程序需要调用作为第二个Web应用程序一部分的服务 在central Web应用程序中,我有这段代码 var clientUri = "http://website.localhost/Services/Info.svc/account"; var uri = new Uri(clientUri); var networkCredentials = new NetworkCredential(_configuration.ServiceU
var clientUri = "http://website.localhost/Services/Info.svc/account";
var uri = new Uri(clientUri);
var networkCredentials = new NetworkCredential(_configuration.ServiceUserName, _configuration.ServicePassword);
var httpClient = new HttpClient();
httpClient.DefaultHeaders.Authorization = Credential.CreateBasic(_configuration.ServiceUserName, _configuration.ServicePassword);
httpClient.TransportSettings.PreAuthenticate = true;
HttpResponseMessage respone = httpClient.Get(uri);
HttpContent content = respone.Content;
在另一个应用程序(Info.svc)中的webservice中,我在服务的构造函数中有以下代码
var validator = new UserNamePasswordValidator();
var cred = System.Net.CredentialCache.DefaultCredentials; //this one is empty, maybe a solution?
validator.Validate("Username", "Password");
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
//This throws a 401 unauthorize, which is shown as a 500 error in the central application
throw new WebProtocolException(HttpStatusCode.Unauthorized, "You must be authorized to perform this action.", null);
}
else
{
_userIsAbleToUseService = true;
}
我想使用从其他Web服务发送过来的网络凭据,而不是验证函数中的用户名和密码,这可以实现吗?怎么做?欢迎提出任何其他建议!我现在可以在validate函数中对密码进行加密,但这不是我想要的
--更新--
这是web.config中针对中心应用程序的配置
<authorization>
<allow roles="administrators"/>
<deny roles="datareaders"/>
<deny users="?"/>
</authorization>
<authentication mode="Forms">
<forms loginUrl="~/Logon/Logon" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="CentralApplication"/>
</providers>
</membership>
<authentication mode="Forms">
<forms name="AllPages" loginUrl="~/Logon/" timeout="360" enableCrossAppRedirects="false" />
</authentication>
<authorization>
<!-- NOTE: See Web.config under Private folder for specifics on secure pages. -->
<deny users="?" />
</authorization>
<membership defaultProvider="NHMembershipProvider">
<providers>
<clear />
<add name="NHMembershipProvider" applicationName="Website" type="Website.Security.Authentication.Membership.CmsMembershipProvider" description="Stores and retrieves membership data from SQL server using Nhibernate" connectionStringName="NHibernate" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="NHRoleProvider">
<providers>
<clear />
<add name="NHRoleProvider" applicationName="Website" type="Website.Security.Authentication.Membership.CmsRoleProvider" />
</providers>
</roleManager>
此部分用于第二个web应用程序中的web.config
<authorization>
<allow roles="administrators"/>
<deny roles="datareaders"/>
<deny users="?"/>
</authorization>
<authentication mode="Forms">
<forms loginUrl="~/Logon/Logon" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="CentralApplication"/>
</providers>
</membership>
<authentication mode="Forms">
<forms name="AllPages" loginUrl="~/Logon/" timeout="360" enableCrossAppRedirects="false" />
</authentication>
<authorization>
<!-- NOTE: See Web.config under Private folder for specifics on secure pages. -->
<deny users="?" />
</authorization>
<membership defaultProvider="NHMembershipProvider">
<providers>
<clear />
<add name="NHMembershipProvider" applicationName="Website" type="Website.Security.Authentication.Membership.CmsMembershipProvider" description="Stores and retrieves membership data from SQL server using Nhibernate" connectionStringName="NHibernate" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="NHRoleProvider">
<providers>
<clear />
<add name="NHRoleProvider" applicationName="Website" type="Website.Security.Authentication.Membership.CmsRoleProvider" />
</providers>
</roleManager>
已经使用成员资格提供者登录到中心应用程序,我正在尝试使用一个简单的超链接从那里调用webservice(现在)。中央管理员中调用的Web服务收集一些数据,并将其发送到第二个应用程序的Web服务的url。这两个应用程序都是webapplications(包含webservices),因此身份验证模式被设置为Forms。花了我将近2天的时间,但现在我让一切都正常工作了。我找到了允许我通过稍微修改webconfig并使用该类中的一些属性在服务上实现身份验证的。我用一个服务和一个控制台应用程序构建了一个快速测试应用程序,验证工作正常 我将下面的部分添加到我的web.config中
<system.serviceModel>
<extensions>
<behaviorExtensions>
<add name="webAuthentication" type="WcfRestContrib.ServiceModel.Configuration.WebAuthentication.ConfigurationBehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
<add name="errorHandler" type="WcfRestContrib.ServiceModel.Configuration.ErrorHandler.BehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
<add name="webErrorHandler" type="WcfRestContrib.ServiceModel.Configuration.WebErrorHandler.ConfigurationBehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
</behaviorExtensions>
</extensions>
<behaviors>
<serviceBehaviors>
<behavior name="Rest">
<webAuthentication requireSecureTransport="false" authenticationHandlerType="WcfRestContrib.ServiceModel.Dispatcher.WebBasicAuthenticationHandler, WcfRestContrib" usernamePasswordValidatorType="CMS.Backend.Services.SecurityValidator, CMS.Backend" source="CMS.Backend"/>
<!--<webAuthentication requireSecureTransport="false" authenticationHandlerType="CMS.Backend.Services.WebBasicAuthenticationHandler, CMS.Backend" usernamePasswordValidatorType="CMS.Backend.Services.SecurityValidator, Website.Backend" source="CMS.Backend"/>-->
<errorHandler errorHandlerType="WcfRestContrib.ServiceModel.Web.WebErrorHandler, WcfRestContrib"/>
<webErrorHandler returnRawException="true" logHandlerType="Website.Backend.Services.LogHandler, Website.Backend" unhandledErrorMessage="An error has occured processing your request. Please contact technical support for further assistance."/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>
我采取的最后一步是向服务本身添加2个属性
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
[ServiceConfiguration("Rest", true)]
public class Cmsinfo : ICmsInfo
{
//foo
}
WcfRestContrib通过添加这种身份验证技术帮助了我很多,而且效果非常好。我只需要确保我也使用了授权头
在此之后,我在使用表单身份验证的Web应用程序中验证Web服务时遇到了一个问题。此问题在另一个中指定。用户如何通过第一个web应用程序的身份验证?如果是NTLM,你将无法做到这一点,因为“双跳”限制(谷歌it。)@0xn说得好!但是,通过在第一个IIS上添加进程身份验证,它们可以允许第一个IIS与第二个IIS对话。@x0n第一个Web应用程序(中央系统)正在使用成员资格提供程序对用户进行身份验证。@rob然后请使用两个web应用程序的身份验证和授权配置相应地更新您的问题。您所展示的代码示例并没有发挥应有的作用;您需要添加更多的上下文。@x0n,您是指web.config中的数据吗?我再加上这些。