WCF username/password security: a working test
After a number of attempts I finally arrived at a WCF security configuration that fits what I need.
Goals:
1. Client/server communication is protected with an X.509 certificate, but no certificate has to be installed on the client; only the server needs one configured.
2. The client authenticates with a username and password.
Steps:
(The test uses the default service from the WCF project template: just create a new WCF project with VS2008 and let it generate the code.
It produces a GetData method, which is the one I use for testing.)
1. Create a new WCF Service Application.
1.1 Generate a server certificate. Open the Visual Studio 2008 Command Prompt and run:
makecert -r -pe -n "CN=MyServer" -sr LocalMachine -ss My -sky exchange
Here -r makes the certificate self-signed, -pe marks the private key exportable, -ss My puts it in the Personal store, and -sky exchange gives it a key-exchange key, which message security needs to encrypt the session key.
-sr LocalMachine: be sure to store the certificate in LocalMachine, so that IIS can find it when you deploy the service;
otherwise IIS reports that the X.509 certificate cannot be found. The IIS application pool identity also needs read access to the certificate's private key (Certificates MMC, All Tasks, Manage Private Keys on Vista/2008 and later, or WinHttpCertCfg.exe on older systems), or the service will find the certificate but fail when it tries to use the key.
2. Configure web.config:
Note that storeLocation is set to LocalMachine, again to avoid trouble at deployment time: otherwise, once published to IIS, the service quite possibly cannot access the certificate's private key. The clientCertificate/authentication setting below is not used with clientCredentialType="UserName" (clients present no certificate) and can be left out; it is kept here as it was in the test. includeExceptionDetailInFaults stays false so that validator exceptions do not leak server details to callers.
```xml
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="NewBinding0">
        <security mode="Message">
          <message clientCredentialType="UserName"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="WcfService2.Service1Behavior"
             name="WcfService2.Service1">
      <endpoint address="" binding="wsHttpBinding" bindingConfiguration="NewBinding0"
                contract="WcfService2.IService1">
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="WcfService2.Service1Behavior">
        <serviceMetadata httpGetEnabled="true"/>
        <serviceDebug includeExceptionDetailInFaults="false"/>
        <serviceCredentials>
          <clientCertificate>
            <authentication certificateValidationMode="None"/>
          </clientCertificate>
          <serviceCertificate findValue="MyServer" storeLocation="LocalMachine" x509FindType="FindBySubjectName"/>
          <userNameAuthentication userNamePasswordValidationMode="Custom"
                                  customUserNamePasswordValidatorType="WcfService2.MyUserNamePasswordValidator, WcfService2"/>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```
3. Write the class that validates the client's username and password.
The type name must match the customUserNamePasswordValidatorType value in web.config exactly;
the format is "Namespace.ClassName, AssemblyName".
In a real project this is where you would check the user against a database.
```csharp
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;

namespace WcfService2
{
    public class MyUserNamePasswordValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            // Test credentials only; a real validator looks the user up in a store.
            if (userName != "jac" || password != "jac")
            {
                // Same message for both failure cases, so callers cannot tell
                // an unknown user from a wrong password.
                throw new SecurityTokenException("Unknown Username or Password");
            }
        }
    }
}
```
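As an added example, not code from the original post: a validator in the same role as MyUserNamePasswordValidator, but one that checks the password against a salted PBKDF2 hash instead of a literal, compares the hashes in fixed time, and reports the same error for an unknown user and a wrong password. The in-memory Users dictionary, the user "jac", and the name HashedUserNamePasswordValidator are constructed for this example and stand in for the database lookup the post mentions.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;

namespace WcfService2
{
    // Added example: a UserNamePasswordValidator backed by PBKDF2 hashes.
    public class HashedUserNamePasswordValidator : UserNamePasswordValidator
    {
        private const int Iterations = 10000;  // PBKDF2 work factor
        private const int HashBytes = 32;
        private const int SaltBytes = 16;

        // Stand-in for the user table: userName -> (salt, PBKDF2 hash).
        // A real service loads these rows from the database.
        private static readonly Dictionary<string, KeyValuePair<byte[], byte[]>> Users =
            BuildSampleStore();

        private static Dictionary<string, KeyValuePair<byte[], byte[]>> BuildSampleStore()
        {
            var store = new Dictionary<string, KeyValuePair<byte[], byte[]>>(StringComparer.Ordinal);
            byte[] salt = new byte[SaltBytes];
            new RNGCryptoServiceProvider().GetBytes(salt);
            // Constructed test user; registering a real user runs this same derivation.
            store["jac"] = new KeyValuePair<byte[], byte[]>(salt, Derive("jac", salt));
            return store;
        }

        private static byte[] Derive(string password, byte[] salt)
        {
            // Rfc2898DeriveBytes is PBKDF2 with HMAC-SHA1; available since .NET 2.0.
            var kdf = new Rfc2898DeriveBytes(password, salt, Iterations);
            return kdf.GetBytes(HashBytes);
        }

        // Compare every byte so timing does not reveal how many leading bytes matched.
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a.Length != b.Length) return false;
            int diff = 0;
            for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }

        public override void Validate(string userName, string password)
        {
            if (userName == null || password == null)
                throw new ArgumentNullException();

            KeyValuePair<byte[], byte[]> record;
            bool known = Users.TryGetValue(userName, out record);

            // Run the derivation even for unknown users, so response time
            // does not reveal which usernames exist.
            byte[] salt = known ? record.Key : new byte[SaltBytes];
            byte[] candidate = Derive(password, salt);

            if (!known || !FixedTimeEquals(candidate, record.Value))
            {
                // One generic message for both failure cases.
                throw new SecurityTokenException("Unknown Username or Password");
            }
        }
    }
}
```

To use it, change customUserNamePasswordValidatorType to "WcfService2.HashedUserNamePasswordValidator, WcfService2". WCF creates the validator from that string, so it must keep a public parameterless constructor. With establishSecurityContext="true" (the default, and what the generated client config below uses) Validate runs once when the secure session is set up rather than on every call, which is worth remembering when choosing the PBKDF2 iteration count.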
At this point the WCF service is configured.
4. Create a new ASP.NET project and add a service reference to this WCF service.
5. Edit the ASP.NET project's web.config (do this only after adding the service reference, because Add Service Reference writes the binding and endpoint entries that the following edits refer to).
Add an endpointBehaviors section:
```xml
<behaviors>
  <endpointBehaviors>
    <behavior name="jacBehavior">
      <clientCredentials>
        <serviceCertificate>
          <authentication certificateValidationMode="None"/>
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
```
certificateValidationMode="None" is what lets this work without installing MyServer on the client: the client does no chain or trust-store check on the certificate the server presents during negotiation. The only thing tying the client to the real server is the identity/certificate element that Add Service Reference copies out of the metadata, which is only as trustworthy as that metadata download was. That is acceptable for this test; before going to production replace it with PeerTrust (certificate installed in the client's Trusted People store), ChainTrust (CA-issued certificate), or a custom validator that pins the expected certificate.
Then apply the behavior to the endpoint by setting behaviorConfiguration:
```xml
<endpoint address="http://j-8de9be98d1184/Service1.svc" behaviorConfiguration="jacBehavior"
          binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
          contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
```
Below is the complete system.serviceModel section of the ASP.NET client's web.config:
```xml
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="jacBehavior">
        <clientCredentials>
          <serviceCertificate>
            <authentication certificateValidationMode="None"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_IService1" closeTimeout="00:01:00"
               openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
               bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
               maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
               textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                      maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
        <reliableSession ordered="true" inactivityTimeout="00:10:00"
                         enabled="false"/>
        <security mode="Message">
          <transport clientCredentialType="Windows" proxyCredentialType="None"
                     realm=""/>
          <message clientCredentialType="UserName" negotiateServiceCredential="true"
                   algorithmSuite="Default" establishSecurityContext="true"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="http://j-8de9be98d1184/Service1.svc" behaviorConfiguration="jacBehavior"
              binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
              contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
      <identity>
        <certificate encodedValue="AwAAAAEA.....................eGtnWJsvtFQsEuzDYw=="/>
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
```
6. Call the service. The credentials are set on the proxy's ClientCredentials; with message security they travel inside the encrypted SOAP body, not in plain HTTP headers.
```csharp
ServiceReference1.Service1Client sc = new WebApplication1.ServiceReference1.Service1Client();
sc.ClientCredentials.UserName.UserName = "jac";
sc.ClientCredentials.UserName.Password = "jac";
Label1.Text = sc.GetData(22);
```
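As an added example, not code from the original post: the same client call as in step 6, but with the server certificate checked against a pinned thumbprint instead of relying on certificateValidationMode="None". ThumbprintCertificateValidator, ServiceClientFactory and the all-zero PinnedThumbprint are constructed for this example; replace the thumbprint with the one the Certificates MMC shows for MyServer.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;

namespace WebApplication1
{
    // Added example: accept the service certificate only if its SHA-1 thumbprint
    // matches a value the client was configured with out of band.
    public class ThumbprintCertificateValidator : X509CertificateValidator
    {
        private readonly string expectedThumbprint;

        public ThumbprintCertificateValidator(string expectedThumbprint)
        {
            // Thumbprints copied from the certificate UI contain spaces; normalise them.
            this.expectedThumbprint = expectedThumbprint.Replace(" ", "").ToUpperInvariant();
        }

        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // X509Certificate2.Thumbprint is upper-case hex without separators.
            string actual = certificate.Thumbprint ?? string.Empty;
            if (!string.Equals(actual, expectedThumbprint, StringComparison.OrdinalIgnoreCase))
            {
                throw new SecurityTokenValidationException(
                    "Service certificate thumbprint " + actual + " does not match the pinned value.");
            }
        }
    }

    public static class ServiceClientFactory
    {
        // Placeholder; replace with the real thumbprint of the MyServer certificate.
        private const string PinnedThumbprint = "0000000000000000000000000000000000000000";

        public static ServiceReference1.Service1Client Create(string userName, string password)
        {
            var client = new ServiceReference1.Service1Client();

            // Set in code, this overrides certificateValidationMode="None" from jacBehavior
            // for this proxy instance.
            var auth = client.ClientCredentials.ServiceCertificate.Authentication;
            auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
            auth.CustomCertificateValidator = new ThumbprintCertificateValidator(PinnedThumbprint);

            client.ClientCredentials.UserName.UserName = userName;
            client.ClientCredentials.UserName.Password = password;
            return client;
        }
    }
}
```

Usage is the same as step 6: `var sc = ServiceClientFactory.Create("jac", "jac"); Label1.Text = sc.GetData(22);`. If a different certificate is presented, the call fails during the security handshake with a SecurityTokenValidationException instead of silently proceeding. To wire the validator from web.config instead of code, give it a parameterless constructor that carries the thumbprint and set `<authentication certificateValidationMode="Custom" customCertificateValidatorType="WebApplication1.ThumbprintCertificateValidator, WebApplication1"/>` inside jacBehavior's serviceCertificate element.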
Done.
The source files can be downloaded from my resources.
One more thing I want to mention: the text editor for writing posts on this CSDN blog is utterly terrible..