定制“基本”我的 WCF 服务的身份验证。休息和放射免疫分析。可能的?
我的服务器端包含 WCF4 REST 服务,我将为我未来的 SL4 应用程序添加 RIA 服务。目前我正在做这样的基本身份验证:
var auth = HttpContext.Current.Request.Headers.GetValues("Authorization");
等等..你明白了..我在每个请求上调用它。如果标头不存在或者我无法验证 UN/密码 - 我会这样做:
outgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"Secure Area\"");
到目前为止,我已经做到了,但我正在重构我的服务器端。为链接服务实施 IoC。创建了自定义 ServiceHost、ServiceHostFactory、InstanceProvider,一切都很好。
现在我需要弄清楚如何使用 WCF 正确处理身份验证和授权,这样我就不必手动检查标头。我确实有自定义的 MembershipProvider,因此必须有某种方法可以让 UN/PW 进行处理。
任何人都可以建议我应该走哪条路吗?
My server side contains WCF4 REST services and I'm going to add RIA services for my future SL4 application. Currently I'm doing Basic authentication like this:
var auth = HttpContext.Current.Request.Headers.GetValues("Authorization");
And so on.. You get the idea.. I call this on every request. If header not present or I can't validate UN/Password - I do this:
outgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"Secure Area\"");
That got me by so far but I'm refactoring my server side. Implementing IoC for linked services. Created custom ServiceHost, ServiceHostFactory, InstanceProvider and all is well.
Now I need to figure how to properly handle authentication and authorization with WCF so I don't have to manually inspect headers. I do have my custom MembershipProvider so there have to be some method that get's UN/PW to process.
Any pointers? I looked at http://www.codeproject.com/KB/WCF/BasicAuthWCFRest.aspx but it uses RequestInterceptor and it is not available in WCF4. I found ServiceAuthenticationManager and ServiceAuthorizationManager but there is no samples available on how to code and wire those..
Can anybody suggest which way I should go?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
尝试使用此自定义 HTTP 模块。它将向 IIS 添加新的身份验证模式,并允许您使用自定义凭据验证。
Try to use this custom HTTP module. It will add new authentication mode to IIS and it will allow you using custom credentials validation.
我在最近的 SOAP/C# 项目中使用 WCF 的内置注释时遇到了各种类型的问题。我知道这不是最好的解决方案,但出于我的目的,我在 IIS7 中为我的应用程序启用了基本身份验证,禁用了匿名身份验证,并为将调用 Web 服务端点的外部客户端创建了 Active Directory 用户。然后,我更改了 IIS7 中应用程序的权限(它使用文件系统权限)以允许包含这些用户的组。
这会将身份验证移到应用程序之外,这可能不是您想要的,但确实允许您通过 IIS7 控制台和可以复制这些权限的部署工具轻松添加用户。优点是您不必因权限更改而重新部署应用程序。缺点是无法对每个功能进行细粒度的权限控制。
I had all types of issues using the built-in annotations for WCF in a recent SOAP/C# project. I know this isn't the best solution, but for my purposes, I enabled basic authentication in IIS7 for my application, disabled anonymous authentication and created Active Directory users for the external clients that would call the web service endpoints. I then changed the application's permissions in IIS7 (it uses file system permissions) to allow a group containing those users.
This moves authentication outside your application, which may not be what you want, but does allow you to easily add users via the IIS7 console and deployment tools that can copy those permissions. The advantage is that you don't have to redeploy your application for permission changes. The disadvantage is you can't do fine grained permission control per function.