使用WCF连接到通过用户名/密码验证的Web服务
我使用Visual Studio 2008创建了Web服务的代理,它在app.config中为我创建了以下条目:使用WCF连接到通过用户名/密码验证的Web服务,wcf,wcf-security,wcf-authentication,Wcf,Wcf Security,Wcf Authentication,我使用Visual Studio 2008创建了Web服务的代理,它在app.config中为我创建了以下条目: <system.serviceModel> <bindings> <basicHttpBinding> <binding name="MyNameHandlerSoapBinding" closeTimeout="00:01:00"
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="MyNameHandlerSoapBinding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://www.***/***/***"
binding="basicHttpBinding" bindingConfiguration="MyNameHandlerSoapBinding"
contract="***.MyNameHandler" name="MyName">
</endpoint>
</client>
</system.serviceModel>
现在看起来它可能正在使用凭据,但它给了我一个错误:
提供的URI方案“http”是无效的URI,应为“https”
我甚至不知道这是不是正确的方法…错误消息是正确的。WCF不允许通过不受保护的协议传输用户名和密码。您的web服务必须使用HTTPS(附带SSL证书)
一旦您有了SSL证书,您就有两个关于如何发送凭据的选项:传输或安全,以及凭据类型的多个选项。MSDN对所有不同的选项都有一个完整的定义。我在这里为未来的读者发布了解决方案:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="MyHandlerSoapBinding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://www.***/***/***/MyHandler"
binding="basicHttpBinding" bindingConfiguration="MyHandlerSoapBinding"
contract="***.MyHandler" name="MyHandler">
</endpoint>
</client>
</system.serviceModel>
我也遇到了同样的问题,并尝试了上述解决方案 不知怎的,这对我不起作用 我一直收到消息“找不到WS-Security头” 经过长时间的测试和尝试,我设法让它工作 我在客户端添加了头代码,如下所示,然后它就工作了
<client>
<endpoint address="http://your.service.com" binding="basicHttpBinding" bindingConfiguration="XXXBinding" contract="contract.XXX" name="XXXPort">
<headers xmlns:wsse="http://your.xsd">
<wsse:Security mustUnderstand="1">
<wsse:UsernameToken>
<tenant>XXX</tenant>
<wsse:Username>XXX</wsse:Username>
<wsse:Password Type="http://www.xxxx.com/wss#PasswordText">XXX</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>
</client>
XXX
XXX
XXX
WCF是配置地狱。您希望使用哪种身份验证存储?窗户。。。ASP会员资格还是自定义数据库?你看过了吗?的确。它是一个外部web服务,具有唯一的用户名/密码,可用于我的所有通话。它是http。因此,如果这有意义的话,我想它可能更像是一个端点授权!首先,您无法在配置文件中的任何位置指定用户名和密码(但只能在代码中指定),然后,您想在明文配置文件中指定密码吗?真的吗?找到了。它确实允许您选择。当然,这是针对测试环境的,稍后您应该使用https。干杯这真让我高兴!非常感谢您的分享,这为很多人节省了很多麻烦。@antonioh I get客户端身份验证方案“Basic”禁止了HTTP请求。
采用这种方法;你知道这是什么原因吗?
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="MyHandlerSoapBinding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://www.***/***/***/MyHandler"
binding="basicHttpBinding" bindingConfiguration="MyHandlerSoapBinding"
contract="***.MyHandler" name="MyHandler">
</endpoint>
</client>
</system.serviceModel>
var ws = new ***.MyHandlerClient("MyHandler");
ws.ClientCredentials.UserName.UserName = "myUsername";
ws.ClientCredentials.UserName.Password = "myPassword";
var result = ws.executeMyMethod();
<client>
<endpoint address="http://your.service.com" binding="basicHttpBinding" bindingConfiguration="XXXBinding" contract="contract.XXX" name="XXXPort">
<headers xmlns:wsse="http://your.xsd">
<wsse:Security mustUnderstand="1">
<wsse:UsernameToken>
<tenant>XXX</tenant>
<wsse:Username>XXX</wsse:Username>
<wsse:Password Type="http://www.xxxx.com/wss#PasswordText">XXX</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>
</client>