使用 WebAuthenticationConfiguration 时启用 401 质询响应
我有一个非常简单的 WCF4 Restful Web 服务,它使用 WcfRestContrib 来允许自定义基本身份验证。当客户端抢先提供用户名和密码时,它效果很好,但如果不提供,它会返回 400 错误请求响应,而不是要求客户端提供凭据(通过 401 响应)。
该服务使用声明性方法通过使用属性装饰必要的类来实现 WcfRestContrib。这是我的 ServiceContract 声明:
// Standard attributes here
[WebAuthenticationConfiguration(typeof(WebBasicAuthenticationHandler),
typeof(SecurityValidator),
false,
"SearchService")
]
public class SearchService
其中只有一个非常简单的操作:
// Standard attributes here
[OperationAuthentication]
SearchResponse Fetch(SearchRequest request)
我的 UserNamePasswordValidator 看起来像(尽管它可能并不重要,因为它仅在传递凭据时被调用):
public override void Validate(string userName, string password)
{
// TODO: Insert login validation logic here.
// To indicate login failure, throw a FaultException
// throw new FaultException("Unknown Username or Incorrect Password");
// Just return to indicate that the username and password are valid
return;
}
我尝试调试 WcfRestContrib并发现 WebBasicAuthenticationHandler 类抛出 BasicAuthorizationException (仅在框架代码中捕获),但是,由于某种原因它没有转换401 异常。
根据我在 WcfRestContrib github 站点 上读到的内容,有 < a href="https://github.com/mikeobrien/WcfRestContrib/issues/5" rel="nofollow noreferrer">作者发布的问题(Mike O'Brian) 说他希望看到它返回除 401 之外的任何内容,我读到它目前返回 401 挑战。
如果有这个功能那么我错过了什么,或者我做错了什么?
更新
如果没有办法使用 WcfRestContrib 执行此操作,是否有其他方法可以实现此目的(除了在 IIS 中使用标准的基于 Windows 的基本身份验证之外)?我对任何(其他)替代解决方案持开放态度。
I have a very simple WCF4 Restful web service which uses WcfRestContrib to allow custom Basic Authentication. It works great when the client preemptively supplies a username and password but if they don't it returns a 400 Bad Request response rather than challenging the client to supply credentials (through a 401 response).
The service is using the declarative approach to implementing WcfRestContrib by decorating the necessary classes with Attributes. Here is my ServiceContract declaration:
// Standard attributes here
[WebAuthenticationConfiguration(typeof(WebBasicAuthenticationHandler),
typeof(SecurityValidator),
false,
"SearchService")
]
public class SearchService
Which only has one very simple operation:
// Standard attributes here
[OperationAuthentication]
SearchResponse Fetch(SearchRequest request)
And my UserNamePasswordValidator looks like (though it probably doesn't matter since it only gets called when credentials are passed):
public override void Validate(string userName, string password)
{
// TODO: Insert login validation logic here.
// To indicate login failure, throw a FaultException
// throw new FaultException("Unknown Username or Incorrect Password");
// Just return to indicate that the username and password are valid
return;
}
I tried to debug WcfRestContrib and found that the WebBasicAuthenticationHandler class is throwing a BasicAuthorizationException (which is only caught in framework code), however, for some reason it isn't transforming the exception into a 401.
Based on what I've read on the WcfRestContrib github site, there is an issue posted by its author (Mike O'Brian) saying that he'd like to see it return anything other than a 401 which I read as it currently returns the 401 challenge.
If this functionality is there then what am I missing, or am I doing something else wrong?
UPDATE
If there is not a way to do this with WcfRestContrib, is there an alternative way to achieve this (beyond using the standard Windows-based Basic Authentication in IIS)? I'm open to any (other) alternative solution.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我想通了。我需要使用
ErrorHandlerAttribute来装饰我的 ServiceContract:只需将
[ErrorHandler(typeof(WebErrorHandler))]属性添加到服务即可使所有神奇的事情发生。我知道这一定是简单的事情,只是希望我能在把额头平放在桌子上之前看到它。I figured it out. I needed to decorate my ServiceContract with the
ErrorHandlerAttribute:Just by adding the
[ErrorHandler(typeof(WebErrorHandler))]attribute to the service makes all of the magic happen. I knew it had to be something simple, just wish I would have seen it before flattening my forehead on my desk.