WCF WebHttpBinding 与会员提供商身份验证

发布于 2024-10-18 20:40:05 字数 1774 浏览 7 评论 0原文

我有一个使用基本 HTTP 身份验证模式的 WebHttpBinding 服务,但是由于某些奇怪的原因,它会根据 Windows 帐户验证提供的用户名/密码,以为我指定了 userNamePasswordValidationMode="MembershipProvider"。

我发现其他帖子也报告了这个问题,但没有给出针对这种情况的答案。

  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding name="WebBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="EPWeb">
          <webHttp helpEnabled="true" />
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlProvider" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service behaviorConfiguration="ServiceBehavior" name="Foo">
        <endpoint address="Test" behaviorConfiguration="EPWeb"
            binding="webHttpBinding" bindingConfiguration="WebBinding"
            contract="Foo.IService" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:3456/" />
          </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>

I have a WebHttpBinding service which uses basic HTTP authentication mode, however for some strange reason it validates provided username/password against windows accounts, thought i specified userNamePasswordValidationMode="MembershipProvider".

I found other posts that report this problem too, but no answer to this situation have been given.

  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding name="WebBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="EPWeb">
          <webHttp helpEnabled="true" />
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlProvider" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service behaviorConfiguration="ServiceBehavior" name="Foo">
        <endpoint address="Test" behaviorConfiguration="EPWeb"
            binding="webHttpBinding" bindingConfiguration="WebBinding"
            contract="Foo.IService" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:3456/" />
          </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

空心空情空意 2024-10-25 20:40:05

此配置将不起作用。但这个问题有一些解决方法:

  • 创建 Login() 方法并使用身份验证令牌,将其传递给每个服务方法。
  • 使用自定义验证模式,并通过代码验证用户名\密码,使用 Membership.ValidateUser()

This configuration will not work. But there are workarounds to this issue:

  • Create Login() method and use authentication token, which you pass to every service method.
  • Use custom validation mode, and validate username\password by code, using Membership.ValidateUser()
捎一片雪花 2024-10-25 20:40:05

令牌传递登录或自定义 http 身份验证模块。

这是自定义身份验证模块的链接。 http://custombasicauth.codeplex.com/

对于基于令牌,您可以使用 OAuth 实现。

Token passed login or a custom http authentication module.

Here is a link to a custom authentication module. http://custombasicauth.codeplex.com/

For token based, you could use an OAuth implementation.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文