使用 SQL 成员资格提供程序进行 WCF 身份验证
希望你们能为我澄清一些。我有一个使用 Sql Membership Provider 的 Web 应用程序,它通过 WCF 服务与第二个 Web 应用程序进行通信。两个应用程序共享相同的 Sql Membership Provider 数据存储...但我需要每个 WCF 服务调用来对用户进行身份验证。
现在,我已经查看了很多示例,但我觉得我看到的示例要么遗漏了某些代码,因为它“应该”对我来说是显而易见的,要么我误解了 WCF 如何处理请求(参见预期)代码如下)。
我很感激任何帮助...
这是我已经知道该怎么做
- 我知道如何在两端配置 Sql 成员身份。
- 我知道如何设置 wsHttpBinding
- 我知道如何设置传输安全中使用的服务证书
这是我感到困惑的
- 我如何传递会员密码(...你不能)
- 我可以吗通过身份验证cookie?如果是这样,怎么办?
- 我是否创建与用户(他们自己)无关的“已知”用户名和密码?
在 Web 客户端中,我希望看到类似这样的代码
protected void btnLogin_Click(object sender, EventArgs e)
{
// Logging into the web-application is known and easy.
if (Membership.ValidateUser("MyUserName", "MyPassword"))
{
FormsAuthentication.SetAuthCookie("MyUserName", true);
FormsAuthentication.RedirectFromLoginPage("MyUserName", false);
}
}
protected ServiceReference1.Contractor getContractor(Int32 key)
{
// I expect something "like" this on the client call.
MembershipUser user = Membership.GetUser("MyUserName");
ServiceReference1.FishDataClient wcfService = new ServiceReference1.FishDataClient();
// You can't retreive the users password directly,
// nor can you get the hash from the SqlMembershipProvider.
wcfService.ChannelFactory.Credentials.UserName.UserName = user.UserName;
// So doing something like this would not be possible.
wcfService.ChannelFactory.Credentials.UserName.Password = "??????";
// So how is the web service going to authenticate the user from it's
// references to the same SqlMembershipProvider (database).
ServiceReference1.Contractor contractor = wcfService.GetContractor(key);
wcfService.Close();
wcfService = null;
return contractor;
}
在 WCF 服务中,我希望看到类似这样的代码
[PrincipalPermission(SecurityAction.Demand, Role = "User")]
public Contractor GetContractor(Int32 key)
{
ServiceSecurityContext context = ServiceSecurityContext.Current;
Contractor contractor = new Contractor();
// What goes here? I would expect something like this...
if (Membership.ValidateUser("???????", "???????"))
contractor.Get(key);
return contractor;
}
Hopefully you folks can clarify some of this for me. I have a web-application using the Sql Membership Provider and it talks to a second web-application through a WCF Service. Both applications share the same Sql Membership Provider datastore...but I need each WCF Service call to authenticate the user.
Now, I've looked at a LOT of samples, but I feel like the samples I've seen either leave out certain code because it "should" be obvious to me, or I mis-understand how WCF handles the request (see expected code below).
I'm grateful for any help...
HERE'S WHAT I ALREADY KNOW HOW TO DO
- I know how to configure the Sql Membership on both ends.
- I know how to setup the wsHttpBinding
- I know how to setup the services certificate used in transport security
HERE'S WHAT I AM CONFUSED ON
- How can I pass the Membership password (...you can't)
- Do I pass the authentication cookie? If so, how?
- Do I create a "known" username and password not related to the user (themselves)?
IN THE WEB CLIENT I WOULD EXPECT TO SEE CODE SOMETHING LIKE THIS
protected void btnLogin_Click(object sender, EventArgs e)
{
// Logging into the web-application is known and easy.
if (Membership.ValidateUser("MyUserName", "MyPassword"))
{
FormsAuthentication.SetAuthCookie("MyUserName", true);
FormsAuthentication.RedirectFromLoginPage("MyUserName", false);
}
}
protected ServiceReference1.Contractor getContractor(Int32 key)
{
// I expect something "like" this on the client call.
MembershipUser user = Membership.GetUser("MyUserName");
ServiceReference1.FishDataClient wcfService = new ServiceReference1.FishDataClient();
// You can't retreive the users password directly,
// nor can you get the hash from the SqlMembershipProvider.
wcfService.ChannelFactory.Credentials.UserName.UserName = user.UserName;
// So doing something like this would not be possible.
wcfService.ChannelFactory.Credentials.UserName.Password = "??????";
// So how is the web service going to authenticate the user from it's
// references to the same SqlMembershipProvider (database).
ServiceReference1.Contractor contractor = wcfService.GetContractor(key);
wcfService.Close();
wcfService = null;
return contractor;
}
IN THE WCF SERVICE I WOULD EXPECT TO SEE CODE SOMETHING LIKE THIS
[PrincipalPermission(SecurityAction.Demand, Role = "User")]
public Contractor GetContractor(Int32 key)
{
ServiceSecurityContext context = ServiceSecurityContext.Current;
Contractor contractor = new Contractor();
// What goes here? I would expect something like this...
if (Membership.ValidateUser("???????", "???????"))
contractor.Get(key);
return contractor;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我假设您的 WCF 会员资格提供商和 Web 应用程序会员资格提供商使用相同的后端用户集。
如果是这样,您可能希望在应用程序之间共享身份验证 cookie。您可以在此处找到有关如何执行此操作的更多信息。
接下来,您需要将 Web 应用程序请求附带的身份验证 cookie 传递给 WCF 服务调用。您可以在此处了解如何执行此操作。
这个想法是用户登录到您的 Web 应用程序,并通过这样做登录到您的 WCF 服务。
I'm assuming your WCF membership provider and your web application membership provider are using the same backend user set.
If so you would want to share authentication cookies between the applications. You can find more information on how to do that here.
Next you need to pass the authentication cookie that came with the web application request to the WCF service call. You can see how to do that here.
The idea is the user logs into your web application and by doing so is logged into your WCF service.
请查看下面链接中的“使用传输安全性(受信任的子系统,HTTP)从 Web 到远程 WCF”,我相信您可能会在那里找到答案。还有以下代码我认为可能会有所帮助:
另外:
否则我会建议回到基础知识,因此确保在 asp 客户端 (asp .net 应用程序)。
然后对 WCF 服务上的成员身份和角色使用相同的配置。唯一突出的部分是确保绑定正常工作。
我还没有尝试过表单身份验证,但最近已经实现了从调用 IIS 中托管的 WCF 服务的 ASP.NET 应用程序实现 Windows 身份验证,并且我发现配置文件(绑定)中的一个小错误可能会导致您的应用程序崩溃。
通过将用户上下文设置为通用主体,您应该能够在 WCF 服务端接收用户详细信息。
我通过阅读许多文章的字里行间找到了答案,因此请确保您查看以下内容:
希望这有帮助
Have a look at "Web to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)" in the links below, I am sure you might find the answer there. There is also the following code which I presume might help:
also:
Otherwise I would sugest go back to basics, so ensure you get the expected authentication and authorization configure to work 100% when using the membership and role providers in a asp client (asp.net applicaiton).
Then use the same configuration for membership and roles on the WCF service. The only outstanding part then is to make sure the bindings work correctly.
I have not tried forms authentications yet but have recently achieved implementing windows authentication from a ASP.NET applicaton calling a WCF services hosted in IIS and I have found that a slight mistake in the config file (bindings) could cause your application to break.
By setting the user context to a generic pricipal you should be able to receive the user details on the WCF service side.
I foud the answer by reading between the lines in a number of articles so make sure you have a look at the following:
Hope this helps