WCF - IErrorHandler 与身份验证

发布于 11-28 11:06 字数 292 浏览 1 评论 0原文

我正在编写一个带有一些身份验证和自定义错误处理程序的 WCF 服务。但是,我遇到了这个问题:当身份验证引发异常时,我的 IErrorHandler 实现没有受到影响,但在其他异常情况下运行得很好。

身份验证是否在构建 IErrorHandler 之前运行?我是否在向错误的树吠叫,试图让它捕获这些错误?

是的,我已经尝试(并且正在)在身份验证中抛出 FaultException,而不是 SecurityTokenException

I'm writing a WCF service with some authentication and a custom error handler. However, I'm coming up against this problem: my implementation of IErrorHandler is not getting hit when the authentication throws an exception, but runs just fine with other exeptions.

Does authentication run before IErrorHandler gets built? Am I barking up the wrong tree trying to get it to catch those errors?

Yes, I have tried (and am) throwing a FaultException in my authentication, not SecurityTokenException.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

心如荒岛2024-12-05 11:06:12

因此,第一件事是确保您的自定义错误处理程序也实现 IServiceBehavior。 IServiceBehavior 要求您实现几个其他方法,但重要的一个是“ApplyDispatchBehavior”,您必须在其中将 ErrorHandler 添加到通道调度程序。

C#

public class CustomErrorHandler: IServiceBehavior, IErrorHandler
{
    public bool HandleError(Exception error)
    {
        //Return True here if you want the service to continue on as if
        //  the error was handled

        return true;
    }

    public void ProvideFault(Exception error,
                             MessageVersion version,
                             ref Message fault)
    {
        FaultException fe = new FaultException(
            new FaultReason(error.Message),
            new FaultCode("Service Error"));

        MessageFault mf = fe.CreateMessageFault();
        fault = Message.CreateMessage(version, mf, fe.Action);
    }

    public void ApplyDispatchBehavior(ServiceDescription serviceDescription, 
                                      ServiceHostBase serviceHostBase)
    {

        IErrorHandler eh = new CustomErrorHandler();

        foreach (ChannelDsipatcherBase cdb in serviceHostBase.ChannelDispatchers)
        {
            ChannelDispatcher cd = cdb as ChannelDispatcher;
            cd.ErrorHandlers.Add(eh);
        }

    }

    public void AddBindingParameters(ServiceDescription serviceDescription,
                                     ServiceHostBase serviceHostBase, 
                                     Collection<ServiceEndpoint> endpoints, 
                                     BindingParameterCollection bindingParameters)
    {
        //Add binding parameters if you want, I am not
    }

    public void Validate(ServiceDescription serviceDescription,
                         ServiceHostBase serviceHostBase)
    {
        //Add custom fault validation here if you want
    }
}

那么你需要添加 CustomErrorHandler 作为服务行为,并添加行为

web.config

<system.serviceModel>
    <extensions>
        <behaviorExtensions>
            <add name="ErrorHandler"
                 type="ServiceNamespace.CustomErrorHandler, ServiceNamespace, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
        </behaviorExtensions>
    </extensions>
    <behaviors>
        <serviceBehaviors>
            <behavior name="MyBehavior1">
                <!--Put other behaviors for your service here then add the next line-->
                <ErrorHandler />
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

这样你所有抛出的异常都会被转换为错误返回给客户端。

对于 SecurityTokenExceptions,您不希望立即将它们转换为故障异常。实际上,您确实希望在自定义验证中将它们作为 SecurityTokenException 抛出,以便服务/服务器识别安全授权失败,并自动返回“403:访问被拒绝”的错误。我不是 100%,但我认为自定义身份验证和验证部分发生在自定义服务行为(如错误处理程序)加载之前。不幸的是,如果您需要对身份验证中的某些问题进行故障排除,则需要在服务上打开 WCF 跟踪,请参阅标题为“如何打开 WCF 跟踪”。

如果您需要记录失败的身份验证尝试,您可能需要将其直接放入自定义验证器中。

So first thing is to make sure that your custom Error Handler is also implementing IServiceBehavior. IServiceBehavior requires that you implement a couple other methods but the important one is "ApplyDispatchBehavior", in which you must add the ErrorHandler to the channel dispatchers.

C#

public class CustomErrorHandler: IServiceBehavior, IErrorHandler
{
    public bool HandleError(Exception error)
    {
        //Return True here if you want the service to continue on as if
        //  the error was handled

        return true;
    }

    public void ProvideFault(Exception error,
                             MessageVersion version,
                             ref Message fault)
    {
        FaultException fe = new FaultException(
            new FaultReason(error.Message),
            new FaultCode("Service Error"));

        MessageFault mf = fe.CreateMessageFault();
        fault = Message.CreateMessage(version, mf, fe.Action);
    }

    public void ApplyDispatchBehavior(ServiceDescription serviceDescription, 
                                      ServiceHostBase serviceHostBase)
    {

        IErrorHandler eh = new CustomErrorHandler();

        foreach (ChannelDsipatcherBase cdb in serviceHostBase.ChannelDispatchers)
        {
            ChannelDispatcher cd = cdb as ChannelDispatcher;
            cd.ErrorHandlers.Add(eh);
        }

    }

    public void AddBindingParameters(ServiceDescription serviceDescription,
                                     ServiceHostBase serviceHostBase, 
                                     Collection<ServiceEndpoint> endpoints, 
                                     BindingParameterCollection bindingParameters)
    {
        //Add binding parameters if you want, I am not
    }

    public void Validate(ServiceDescription serviceDescription,
                         ServiceHostBase serviceHostBase)
    {
        //Add custom fault validation here if you want
    }
}

Then you need to add the CustomErrorHandler as a service behavior and add the behavior

web.config

<system.serviceModel>
    <extensions>
        <behaviorExtensions>
            <add name="ErrorHandler"
                 type="ServiceNamespace.CustomErrorHandler, ServiceNamespace, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
        </behaviorExtensions>
    </extensions>
    <behaviors>
        <serviceBehaviors>
            <behavior name="MyBehavior1">
                <!--Put other behaviors for your service here then add the next line-->
                <ErrorHandler />
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

This way all your thrown exceptions will be converted to faults to return back to the client.

In the case of SecurityTokenExceptions, you do not want to convert those to Fault Exceptions right away. You actually do want to throw these as SecurityTokenExceptions in the custom validation in order for the service/server to recognize that the security authorization failed, and automatically returns as a fault equiv of a "403 : Access Denied". I am not 100% but I think that the custom auth and validation pieces happen before custom service behaviors, like the error handler, are loaded. Unfortunately, if you need to troubleshoot something in your auth, you will need to turn on WCF tracing on the service, see this article titled "How to turn on WCF Tracing".

If you need to log failed auth attempts, you will probably need to put it directly in your custom validator.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文