Define a binding in your web.config like this:

    <basicHttpBinding>
      <binding name="BasicAuthBinding">
        <security mode="Message">
          <message clientCredentialType="UserName"/>
        </security>
      </binding>
    </basicHttpBinding>
Then define a service behavior, like:

    <behavior name="Namespace.TestBehaviour">
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom"
                                customUserNamePasswordValidatorType="Namespace.ServiceSecurity.UserAuthenticator, Namespace" />
      </serviceCredentials>
      <serviceAuthorization>
        <authorizationPolicies>
          <add policyType="Namespace.ServiceSecurity.MyAuthorizationPolicy, Namespace" />
        </authorizationPolicies>
      </serviceAuthorization>
    </behavior>
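Then provide the custom authentication and authorization classes as follows:

    using System;
    using System.Collections.Generic;
    using System.IdentityModel.Claims;
    using System.IdentityModel.Policy;
    using System.Security.Principal;

    public class MyAuthorizationPolicy : IAuthorizationPolicy
    {
        // IAuthorizationPolicy also requires an Id (from IAuthorizationComponent).
        private readonly string id = Guid.NewGuid().ToString();

        public string Id
        {
            get { return id; }
        }

        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            // Identities that WCF attached to this call during authentication.
            IList<IIdentity> identities = (IList<IIdentity>) evaluationContext.Properties["Identities"];
            foreach (IIdentity identity in identities)
            {
                // Accept only identities produced by the custom validator.
                if (identity.IsAuthenticated &&
                    identity.AuthenticationType == "UserAuthenticator")
                {
                    evaluationContext.Properties["Principal"] = identity.Name;
                    return true;
                }
            }
            // No matching identity: make sure the key exists, with an empty value.
            if (!evaluationContext.Properties.ContainsKey("Principal"))
            {
                evaluationContext.Properties["Principal"] = "";
            }
            return false;
        }

        public ClaimSet Issuer
        {
            get { throw new NotImplementedException(); }
        }
    }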
And the validator as follows:

    using System.IdentityModel.Selectors;

    public class UserAuthenticator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            // authenticate me however you want
            // then set whatever you want
        }
    }
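If you need further security, change the basicHttpBinding to a wsHttpBinding and use a certificate.

Edit: Almost forgot, use the defined service behavior and binding in your service interface definition in web.config.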
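> Thanks! I have now implemented this, but when browsing to the service I get the following exception: BasicHttp binding requires that BasicHttpBinding.Security.Message.ClientCredentialType be equivalent to the BasicHttpMessageCredentialType.Certificate credential type for secure messages. Select Transport or TransportWithMessageCredential security for UserName credentials. – Banshee

> I have tried setting the binding to this: <binding name="BasicAuthIntegration"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Basic"> , and with this the service comes up, but when trying to call the service from a test client (using ClientCredentials.UserName.UserName and ClientCredentials.UserName.Password) I get the following exception (in the client): The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Basic realm="localhost"'. – Banshee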