Wcf 如何使用用户名/密码身份验证配置webHttpBinding
我正在使用webHttpBinding为json ajax调用开发一个WCF服务。在我打开安全部分之前,服务工作正常。这是我的web.config。Wcf 如何使用用户名/密码身份验证配置webHttpBinding,wcf,wcf-binding,wcf-security,Wcf,Wcf Binding,Wcf Security,我正在使用webHttpBinding为json ajax调用开发一个WCF服务。在我打开安全部分之前,服务工作正常。这是我的web.config。 <serviceCredentials > <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="UserNamePasswordValidator, W
<serviceCredentials >
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="UserNamePasswordValidator, WebServices" />
</serviceCredentials>
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="AuthorizationPolicy, WebServices" />
</authorizationPolicies>
</serviceAuthorization>
<!---->
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="WebHttpBehaviour">
<enableWebScript />
<webHttp automaticFormatSelectionEnabled="false" defaultBodyStyle="Wrapped" defaultOutgoingResponseFormat="Json" helpEnabled="true" />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceCredentials >
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="UserNamePasswordValidator, WebServices" />
</serviceCredentials>
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="AuthorizationPolicy, WebServices" />
</authorizationPolicies>
</serviceAuthorization>
<!---->
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="WebHttpBehaviour">
<enableWebScript />
<webHttp automaticFormatSelectionEnabled="false" defaultBodyStyle="Wrapped" defaultOutgoingResponseFormat="Json" helpEnabled="true" />
</behavior>
</endpointBehaviors>
</behaviors>
我得到了错误消息:当我调用ajax时对象错误。我做错什么了吗?谢谢。找到以下解决方案。效果很好。
<serviceCredentials >
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="UserNamePasswordValidator, WebServices" />
</serviceCredentials>
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="AuthorizationPolicy, WebServices" />
</authorizationPolicies>
</serviceAuthorization>
<!---->
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="WebHttpBehaviour">
<enableWebScript />
<webHttp automaticFormatSelectionEnabled="false" defaultBodyStyle="Wrapped" defaultOutgoingResponseFormat="Json" helpEnabled="true" />
</behavior>
</endpointBehaviors>
</behaviors>
对于这个示例,我唯一要注意的是,它要求客户端应用程序保存服务的用户名和密码。这意味着任何黑客都有用户名:密码。如果你同意,那么+1。但我会问,你为什么要认证。你不能信任客户。你必须假设客户是黑客。如果不这样做,您将被黑客攻击。:-)@MarkGood您的客户使用自己的用户名和密码登录到您的web服务。它们不是一个hacker@Julien,如果您使用用户凭据登录到服务,则必须将这些凭据存储在客户端的某个位置。大多数web应用程序不存储这些凭据,而是设置会话cookie。你的网站是面向公众的还是内部的?
<serviceCredentials >
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="UserNamePasswordValidator, WebServices" />
</serviceCredentials>
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="AuthorizationPolicy, WebServices" />
</authorizationPolicies>
</serviceAuthorization>
<!---->
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="WebHttpBehaviour">
<enableWebScript />
<webHttp automaticFormatSelectionEnabled="false" defaultBodyStyle="Wrapped" defaultOutgoingResponseFormat="Json" helpEnabled="true" />
</behavior>
</endpointBehaviors>
</behaviors>