可以使用2种类型的身份验证:wcf中的windows和用户名,使用消息安全模式和证书进行身份验证。我的用户名认证CFG /代码如下:
服务器CFG:
WCF混合身份验证用户名和WIndows
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceCredentialsBehavior">
<serviceCredentials>
<serviceCertificate findValue="cn=cool" storeName="TrustedPeople" storeLocation="CurrentUser" />
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Util.CustomUserNameValidator, Util" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="ServiceCredentialsBehavior" name="Service">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="MessageAndUserName" name="SecuredByTransportEndpoint" contract="IService"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="MessageAndUserName">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client/>
</system.serviceModel>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>
客户CFG:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="LocalCertValidation">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust" trustedStoreLocation="CurrentUser" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IService" >
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:48097/WCFServer/Service.svc"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IService"
contract="ServiceReference1.IService"
name="WSHttpBinding_IService" behaviorConfiguration="LocalCertValidation">
<identity>
<dns value ="cool" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
什么改变,服务器要知道,访问Windows标识?
不,它不起作用。 也许我不正确设置Windows凭据,以及如何从服务器检索它们? – croisharp
你真的需要2种不同的身份验证方法吗?您可以将客户端的Windows凭据传递给服务,并允许该服务[模拟用户](http://www.danrigsby.com/blog/index.php/2008/04/17/impersonate-a-clients-身份在-WCF /)。这可能比尝试混合和匹配身份验证类型更好。如果要验证用户名,可以将它们存储在数据库中,并将它们与'WindowsIdentity.GetCurrent()'返回的对象中模拟的客户端用户的详细信息进行比较(最好存储sid,因为可以更改用户名) – Franchesca
是的,我需要2身份验证。方法+与NetSqlAzMan授权,但我知道所有如何做,这是我的问题与混合认证.. – croisharp