WCF - Custom Credentials and Security Tokens


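I am new to WCF development and have run into some problems while learning the framework. I have a service API that must support both REST and SOAP. So far this has been easy to implement, especially with WCF 4 and routing.

I am currently working on authorization and have extended AuthorizationManager by creating two new manager classes: "ApiKeyAuthorizationManager" and "ApiKeyAndTokenAuthorizationManager".

Most of my services require an ApiKey and a Token (GUIDs); when authenticating initially, you only need a valid ApiKey and password to receive a token.

So far REST works fine, with the authorization manager looking at the query string for the ApiKey and/or Token.

For example, a service URI looks like: *{someVariableValue}?ApiKey=GUID&Token=GUID

My problem now is authorizing SOAP service calls. I have done some research and reached some conclusions, which I would like to verify are correct before implementing them.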

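To authorize SOAP with custom credentials, I should:

  • Create a custom service token
  • Extend WCF by creating a custom SecurityTokenProvider, SecurityTokenAuthenticator and SecurityTokenSerializer
  • Extend WCF by creating a custom authorization policy

Am I on the right track? Are all of these steps required for my scenario? It seems like a lot of customization just to validate a credential made up of two GUIDs.

Thanks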


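[Edit #1]

This has been a very daunting task. Custom credentials and security tokens are barely documented. Finding high-quality blog posts has itself proven nearly impossible. I have been working hard on it and am close to a working solution. I have even run into the same roadblock as described in

When I try to access my service to discover the WSDL or MEX, I receive the following error: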

    The service encountered an error. An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
    System.InvalidOperationException: An exception was thrown in a call to a policy export extension.
    Extension: System.ServiceModel.Channels.SymmetricSecurityBindingElement
    Error: Specified argument was out of the range of valid values.
    Parameter name: parameters ----> System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
    Parameter name: parameters
       at System.ServiceModel.Security.WSSecurityPolicy.CreateTokenAssertion(MetadataExporter exporter, SecurityTokenParameters parameters, Boolean isOptional)
       at System.ServiceModel.Security.WSSecurityPolicy.CreateWsspSignedSupportingTokensAssertion(MetadataExporter exporter, Collection`1 signed, Collection`1 signedEncrypted, Collection`1 optionalSigned, Collection`1 optionalSignedEncrypted)
       at System.ServiceModel.Security.WSSecurityPolicy.CreateWsspSupportingTokensAssertion(MetadataExporter exporter, Collection`1 signed, Collection`1 signedEncrypted, Collection`1 endorsing, Collection`1 signedEndorsing, Collection`1 optionalSigned, Collection`1 optionalSignedEncrypted, Collection`1 optionalEndorsing, Collection`1 optionalSignedEndorsing, AddressingVersion addressingVersion)
       at System.ServiceModel.Security.WSSecurityPolicy.CreateWsspSupportingTokensAssertion(MetadataExporter exporter, Collection`1 signed, Collection`1 signedEncrypted, Collection`1 endorsing, Collection`1 signedEndorsing, Collection`1 optionalSigned, Collection`1 optionalSignedEncrypted, Collection`1 optionalEndorsing, Collection`1 optionalSignedEndorsing)
       at System.ServiceModel.Channels.SecurityBindingElement.ExportSymmetricSecurityBindingElement(SymmetricSecurityBindingElement binding, MetadataExporter exporter, PolicyConversionContext policyContext)
       at System.ServiceModel.Channels.SecurityBindingElement.ExportPolicy(MetadataExporter exporter, PolicyConversionContext context)
       at System.ServiceModel.Description.MetadataExporter.ExportPolicy(ServiceEndpoint endpoint)
       --- End of inner ExceptionDetail stack trace ---
       at System.ServiceModel.Description.ServiceMetadataBehavior.MetadataExtensionInitializer.GenerateMetadata()
       at System.ServiceModel.Description.ServiceMetadataExtension.EnsureInitialized()
       at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.InitializationData.InitializeFrom(ServiceMetadataExtension extension)
       at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.GetInitData()
       at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.TryHandleDocumentationRequest(Message httpGetRequest, String[] queries, Message& replyMessage)
       at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.ProcessHttpRequest(Message httpGetRequest)
       at SyncInvokeGet(Object , Object[] , Object[] )
       at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
       at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
       at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
       at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
       at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)

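If you know what might be causing this, I would appreciate some help.


[Edit #2]

Microsoft does not seem to want to update their samples to show how to allow WSDL to support custom credentials/tokens. Does anyone know how to get this working? If there is no documentation, what is the point of making the framework extensible? How do I extend it?


[Edit #3]

As I said in the comment below... my TransportWithMessageCredential works fine using UserNameSecurityToken. Unfortunately, my service will eventually need custom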
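
The REST-side check described in the question (an authorization manager that reads ApiKey and Token from the query string) can be sketched as follows; this is an added example, not the poster's code. The `CredentialStore` class, its in-memory dictionary and the token expiry are assumptions made for illustration; only the class name `ApiKeyAndTokenAuthorizationManager` and the two query-string parameter names come from the post.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Specialized;
using System.ServiceModel;
using System.Web; // HttpUtility; requires a reference to System.Web

// Hypothetical in-memory store; a real service would use its own data layer.
public static class CredentialStore
{
    // token -> (owning ApiKey, expiry). Filled when a token is issued (not shown).
    public static readonly ConcurrentDictionary<Guid, Tuple<Guid, DateTime>> Tokens =
        new ConcurrentDictionary<Guid, Tuple<Guid, DateTime>>();

    public static bool IsValid(Guid apiKey, Guid token)
    {
        Tuple<Guid, DateTime> entry;
        return Tokens.TryGetValue(token, out entry)
            && entry.Item1 == apiKey            // token must belong to this ApiKey
            && entry.Item2 > DateTime.UtcNow;   // assumed expiry; not stated in the post
    }
}

public class ApiKeyAndTokenAuthorizationManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // Via is the URI the request arrived on, query string included.
        Uri via = operationContext.IncomingMessageProperties.Via;
        if (via == null)
        {
            return false;
        }

        NameValueCollection query = HttpUtility.ParseQueryString(via.Query);

        Guid apiKey, token;
        // Fail closed: a missing or malformed value denies access instead of throwing.
        if (!Guid.TryParse(query["ApiKey"], out apiKey) ||
            !Guid.TryParse(query["Token"], out token))
        {
            return false;
        }

        return CredentialStore.IsValid(apiKey, token);
    }
}
```

Credentials carried in the query string end up in web server and proxy logs, so a scheme like this depends on HTTPS and on keeping tokens short-lived.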