Windows Azure基本身份验证在云中不起作用？

Question

我正在使用soap（wcf）构建服务。我想通过一个密码和用户名让我的端点更安全一些。当我尝试添加以下配置时，Windows Azure会引发以下错误：

错误：此配置节不能用于此路径。当部分锁定在父级别时，会发生这种情况。锁定可以是默认的（overrideModeDefault =“Deny”），也可以是带有overrideMode =“Deny”或legacy allowOverride =“false”的位置标签。

Linecode是： 我在测试locale时必须在我的IIS中更改此设置，但在Windows Azure平台上我无法调整它吗？

我想要做的就是使用自己的密码和用户名进行访问。是

<?xml version="1.0" encoding="UTF-8"?> 
<configuration> 
    <system.diagnostics> 
    <trace> 
     <listeners> 
     <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics"> 
      <filter type="" /> 
     </add> 
     </listeners> 
    </trace> 
    </system.diagnostics> 
    <system.web> 
    <compilation debug="true" targetFramework="4.0" /> 
    <customErrors mode="Off"/> 
    </system.web> 

    <system.serviceModel> 

    <behaviors> 
     <serviceBehaviors> 
     <behavior name="credsBehavior"> 
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> 
      <serviceMetadata externalMetadataLocation="external metadata location" /> 

      <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
      <serviceDebug includeExceptionDetailInFaults="false" /> 
      <serviceCredentials> 
      <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFServiceWebRole.CustomUserNameValidator, WCFServiceWebRole, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" /> 
      </serviceCredentials> 
     </behavior> 
     </serviceBehaviors> 
     <endpointBehaviors> 
     <behavior name="ServiceEndpointBehavior"> 
      <schemaValidator validateRequest="True" validateReply="False"> 
      <schemas> 
       <add location="schemalocation" /> 
      </schemas> 
      </schemaValidator> 
     </behavior> 
     </endpointBehaviors> 
    </behaviors> 
    <serviceHostingEnvironment multipleSiteBindingsEnabled="false" /> 

    <extensions> 
     <behaviorExtensions> 
     <add name="schemaValidator" type="WCFServiceWebRole.Validation.SchemaValidationBehaviorExtensionElement, WCFServiceWebRole, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/> 
     </behaviorExtensions> 
    </extensions> 

    <bindings> 
     <basicHttpBinding> 
     <binding name="BasicHttpsBinding_CvServiceInterface" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" receiveTimeout="01:00:00" openTimeout="01:00:00" closeTimeout="01:00:00" sendTimeout="01:00:00"> 
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" 
         maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /> 

      <security mode="Transport"> 
       <transport clientCredentialType="Basic"/> 
      </security> 
     </binding> 
     </basicHttpBinding> 
    </bindings> 

    <services> 
     <service name="WCFServiceWebRole.CvService" behaviorConfiguration="credsBehavior"> 
     <endpoint address="myendpoint" behaviorConfiguration="ServiceEndpointBehavior" binding="basicHttpBinding" bindingConfiguration="BasicHttpsBinding_CvServiceInterface" contract="ICvService" /> 
     </service> 
    </services> 

    </system.serviceModel> 
    <system.webServer> 
    <modules runAllManagedModulesForAllRequests="true"/> 
    <directoryBrowse enabled="true" /> 

    <security> 
     <authentication> 
     <basicAuthentication enabled="true"/> 
     </authentication> 
    </security> 
    </system.webServer> 
</configuration> 

<!--<system.webServer> 
    <security> 
    <authentication> 
     <anonymousAuthentication enabled="false" /> 
     <basicAuthentication enabled="true" /> 
    </authentication> 
    </security> 
</system.webServer>--> 

的Jeroen

Answer 1

就像Sandrino所说的，我不需要basicauth就可以通过自定义用户名和密码来获得授权和认证。

相反的：

<security mode="Transport"> 
<transport clientCredentialType="Basic"/> 
</security> 

我不得不这样做：

<security mode="TransportWithMessageCredential"> 
    <transport clientCredentialType="None"/> 
    <message clientCredentialType="UserName" /> 
    </security> 

在客户端：

ServiceReference1.CvServiceInterfaceClient cl = new ServiceReference1.CvServiceInterfaceClient(); 
    ClientCredentials creds = new ClientCredentials(); 

    creds.UserName.UserName = "username"; 
    creds.UserName.Password = "password"; 
    var defaultCredentials = cl.Endpoint.Behaviors.Find<ClientCredentials>(); 
    cl.Endpoint.Behaviors.Remove(defaultCredentials); 
    cl.Endpoint.Behaviors.Add(creds); 

的Jeroen

Answer 2

基本验证是默认不可用在Windows Azure Web角色。

你需要创建2个启动脚本：

PowerShell脚本安装基本身份验证

Import-Module ServerManager 
Add-WindowsFeature Web-Basic-Auth 

注：这需要被包含在Windows Server PowerShell 2.0中2008 R2（您需要将osFamily设置为2才能获得Windows Server 2008 R2：http://msdn.microsoft.com/en-us/library/windowsazure/ee758710.aspx）

.bat文件将激活基本认证

%windir%\system32\inetsrv\appcmd set config /section:basicAuthentication /enabled:true 

问题

为什么你甚至需要基本身份验证？纠正我，如果我错了，但WCF中的用户名/密码身份验证应该工作没有IIS，所以我不明白为什么它需要基本身份验证工作。