1. 首页
  2. 问答
  3. WCF与自定义MembershipProvider和没有X.509证书,可能吗?

WCF与自定义MembershipProvider和没有X.509证书,可能吗?

2011-04-03 87 views
1

我想根据自定义成员身份和角色提供者来验证WCF服务的用户,但我不希望使用证书来保护流量。WCF与自定义MembershipProvider和没有X.509证书,可能吗?

是否有可能使用basicHttpBinding,传递没有证书的自定义凭证?

我问,因为我有一个WCF服务与所有的成员提供商管道等通过配置连接和托管在IIS下,但用户的详细信息没有被传递到IIS。

我有一个广域网,网络安全,所以我不担心消息加密。

ASP.Net兼容性已打开,配置如下。这都是.Net 4.0;

<?xml version="1.0"?> 
<configuration> 
<system.web> 
<compilation debug="true" targetFramework="4.0" /> 
<membership defaultProvider="DemoMembershipProvider" userIsOnlineTimeWindow="15"> 
    <providers> 
    <clear /> 
    <add name="DemoMembershipProvider" type="DemoMembershipProvider" connectionStringName="SqlConn" applicationName="TestProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Clear" /> 
    </providers> 
</membership> 
<roleManager enabled="true" defaultProvider="DemoRoleProvider" > 
    <providers> 
    <clear/> 
    <add name="DemoRoleProvider" connectionStringName="blah" applicationName="TestProvider" type="DemoRoleProvider" /> 
    </providers> 
</roleManager> 
<customErrors mode="Off" /> 
</system.web> 
<system.serviceModel> 
<services> 
    <service name="DataService"> 
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="BindingConfiguration" contract="IDataService" /> 
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 
    </service> 
</services> 
<bindings> 
    <basicHttpBinding> 
    <binding name="BindingConfiguration"> 
     <security mode="None"> 
     <message clientCredentialType="UserName"/> 
     </security> 
    </binding> 
    </basicHttpBinding> 
</bindings> 
<behaviors> 
    <serviceBehaviors> 
    <behavior> 
     <serviceMetadata httpGetEnabled="true" /> 
     <serviceDebug includeExceptionDetailInFaults="true" /> 
     <serviceCredentials> 
     <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="DemoMembershipProvider" /> 
     </serviceCredentials> 
     <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="DemoRoleProvider" /> 
    </behavior> 
    </serviceBehaviors> 
</behaviors> 
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" /> 
</system.serviceModel> 
<system.webServer> 
    <modules runAllManagedModulesForAllRequests="true"/> 
</system.webServer> 
</configuration>

客户端代码是;

  Console.WriteLine("Calling with valid credentials"); 
     using (var y = new DataServiceRef.DataServiceClient()) 
     { 
      y.ClientCredentials.UserName.UserName = "ryan"; 
      y.ClientCredentials.UserName.Password = "password"; 
      Console.WriteLine("Result: {0}", y.GetData("blah")); 
     }

来源

2011-04-03 Ryan O' Neill

回答

5

您必须使用自定义绑定,因为默认绑定不支持无安全通道发送的用户名和密码(无论是运输或信息安全地方都需要证书)。使用此自定义绑定:

<customBinding> 
    <binding name="UsernamePasswordOverHttp"> 
    <textMessageEncoding messageVersion="Soap11" /> 
    <security 
     authenticationMode="UserNameOverTransport" 
     messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" 
     allowInsecureTransport="true" /> 
    <httpTransport /> 
    </binding> 
</customBinding>

另一种解决方案是使用ClearUserNameBinding

来源

2011-04-03 19:58:12

相关问题

 相关问题