0
我遇到以下情况:如何评估WCF服务器上的自定义ClientCredentials?
Windows“胖客户端”应用程序正在连接到WCF Web服务。这两种,客户端和web服务使用精确相同的结合,它看起来像这样:
private static NetTcpBinding Message_Security_UserName_Credentials()
{
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.Security.Transport.ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign;
binding.PortSharingEnabled = true;
return binding;
}
客户端发送“定制”的客户端证书的Web服务。自定义客户端凭证类是这样的:
public class CustomClientCredentials : ClientCredentials
{
public CustomClientCredentials()
{
AuthorizationToken = String.Empty;
this.ClientCertificate.Certificate = Certificates.ClientPFX;
this.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;
this.ServiceCertificate.Authentication.CustomCertificateValidator = new CustomClientX509CertificateValidator("CN");
}
private string authorizationtoken;
public string AuthorizationToken
{
get
{
return this.authorizationtoken;
}
set
{
if (value == null)
{
throw new ArgumentNullException("value");
}
this.authorizationtoken = value;
}
}
public String Name
{
set
{
this.UserName.UserName = value;
}
}
public String Password
{
set
{
this.UserName.Password = value;
}
}
protected CustomClientCredentials(CustomClientCredentials other)
: base(other)
{
this.AuthorizationToken = other.AuthorizationToken;
}
protected override ClientCredentials CloneCore()
{
return new CustomClientCredentials(this);
}
}
总之,发送自定义客户端证书到服务的过程是这样的:
ChannelFactory<ILoginService> factory = new ChannelFactory<ILoginService> (binding, endpointaddress);
factory.Endpoint.Behaviors.Remove<ClientCredentials>();
CustomClientCredentials credentials = new CustomClientCredentials() {Name = this.User.EMail, Password = this.User.Password, AuthorizationToken = String.Empty};
factory.Endpoint.Behaviors.Add(credentials);
ILoginService client = factory.CreateChannel();
Token result = client.LogIn();
在服务器上,我使用自定义的UserPasswordValidator读出客户端凭据。它看起来像这样:
public class CustomServiceUserNamePasswordValidator : System.IdentityModel.Selectors.UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
{
throw new ArgumentNullException();
}
}
}
到目前为止一切正常。正如您在我的自定义ClientCredentials类中所看到的,我想向服务器发送更多附加信息。
我的问题是:我必须做什么,读取服务器上接收到的自定义客户端凭据?
我脑海中的理论是,我只需告诉服务器上的服务端点,他应该期待某种类型的凭证,然后他可以评估它们。
我遵循这两个链接,我完全按照说明操作,并且完美地工作。每个人都应该知道,因为它可能有点令人困惑:对于像我这样以编程方式完成所有WCF工作的人来说,可以跳过“应用程序配置”步骤。您只需要这些类:ClientCredentials,SecurityTokenManager,SecurityTokenAuthenticator和IAuthorizationPolicy。而这对双方而言,意味着客户端和服务器的独立性。 – Michael
首先关注此:https://msdn.microsoft.com/en-us/library/ms730868%28v=vs.110%29.aspx然后按照此:https://msdn.microsoft.com/en-us/ library/ms730079%28v = vs.110%29.aspx,你很好走。 – Michael