2013-11-25 135 views
0

我覺得我很接近,但我是WCF的新手,並不能找出爲什麼這不起作用。我嘗試過搜索,但是我找不到使用aspnet成員身份但不使用消息級安全性的示例。我試圖通過https從Android進行身份驗證到WCF服務。它工作得很好,直到我將clientCredentialType從'None'更改爲'Basic'。我必須通過用戶名和密碼進行身份驗證。當我嘗試通過運行slsvcutil.exe對https://myPublicWebsite/ABCService/ABC.svc來更新我的代理它提供了以下錯誤:WCF身份驗證 - TransportCredentialOnly ASPNET成員

The authentication schemes configured on the host ('IntegratedWindowsAuthentication, Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Basic'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.

這是我服務的web.config文件。感謝你給與我的幫助。

<system.web> 
    <compilation debug="false" strict="false" explicit="true" targetFramework="4.0" /> 
    <customErrors mode="Off" /> 

    <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15"> 
     <providers> 
     <remove name="AspNetSqlMembershipProvider" /> 
     <clear /> 
     <add 
      name="AspNetSqlMembershipProvider" 
      type="System.Web.Security.SqlMembershipProvider" 
      connectionStringName="LocalSqlServer" 
      applicationName="ABC" 
      enablePasswordRetrieval="false" 
      enablePasswordReset="false" 
      requiresQuestionAndAnswer="false" 
      minRequiredPasswordLength="8" 
      requiresUniqueEmail="true" 
      passwordFormat="Hashed" /> 
     </providers> 
    </membership> 
    </system.web> 

    <system.serviceModel> 
    <services> 
     <service name="ABCService.ABC" behaviorConfiguration="metadataBehavior"> 
     <endpoint 
      address="" 
      binding="basicHttpBinding" 
      bindingConfiguration="ABCBinding" 
      contract="ABCService.IService1"/> 
     </service> 
    </services> 

    <behaviors> 
     <serviceBehaviors> 
     <behavior name="metadataBehavior"> 
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/> 
      <serviceDebug includeExceptionDetailInFaults="false"/> 
      <serviceCredentials> 
      <userNameAuthentication 
      userNamePasswordValidationMode="MembershipProvider" 
      membershipProviderName="AspNetSqlMembershipProvider" /> 
      </serviceCredentials> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 

    <bindings> 
     <basicHttpBinding> 
     <binding name="ABCBinding"> 
      <security mode="TransportCredentialOnly"> 
      <transport clientCredentialType="Basic" /> 
      </security> 
     </binding> 
     </basicHttpBinding> 
    </bindings> 

    <protocolMapping> 
     <add binding="basicHttpsBinding" scheme="https"/> 
    </protocolMapping> 
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/> 
    </system.serviceModel> 
    <system.webServer> 
    <modules runAllManagedModulesForAllRequests="true"/>  
    <directoryBrowse enabled="false"/> 
    </system.webServer> 

此外,我要在服務代碼中運行驗證檢查?我有這樣的:

Public Class MyCustomUserNameValidator 
    Inherits IdentityModel.Selectors.UserNamePasswordValidator 

    ' This method validates users. It allows two users, test1 and test2 
    ' with passwords 1tset and 2tset respectively. 
    ' This code is for illustration purposes only and 
    ' MUST NOT be used in a production environment because it is NOT secure.  
    Public Overrides Sub Validate(ByVal userName As String, ByVal password As String) 
     If Nothing = userName OrElse Nothing = password Then 
      Throw New ArgumentNullException() 
     End If 

     If Not (userName = "test1" AndAlso password = "1tset") AndAlso Not (userName = "test2" AndAlso password = "2tset") Then 
      Throw New IdentityModel.Tokens.SecurityTokenException("Unknown Username or Password") 
     End If 

    End Sub 
End Class 

但我實在不明白它是如何工作的,因爲我從來沒有稱呼它,我寧願使用默認一個比一個自定義的。我確信這很簡單,但我可以通過搜索找到的所有示例都是用於'自定義'驗證器。這會自動調用嗎?或者我甚至需要它,如果我只是想默認?

回答

1

您使用IIS嗎?您需要在IIS中安裝並啓用基本身份驗證。

但是,即使啓用了基本身份驗證,則只能使用成員提供者和自定義驗證的基於消息的安全,當clientCredentialType設置爲用戶名。基於純傳輸的安全模式(如TransportCredentialOnly和Transport)將無法工作。

Reference - go to the Authentication section

這應該的wsHttpBinding

<security mode="Message"> 
    <message clientCredentialType="UserName" /> 
</security> 

另一種可能連續工作的wsHttpBinding和basicHttpBinding的

<security mode="TransportWithMessageCredential"> 
    <message clientCredentialType="UserName" /> 
</security> 
+0

你是正確的。但是,我使用Xamarin,但他們不支持使用郵件安全性。是否可以在不使用Active Directory的情況下使用傳輸和基本安全性?我可以用其他方式使用會員供應商嗎? – user2197610

+0

也許吧。你可以試試這個http://custombasicauth.codeplex.com/ – LostInComputer

+0

我想要遵循http://leastprivilege.com/2007/10/31/finally-usernames-over-transport-authentication-in-wcf/,但我得到同樣的錯誤。而奇怪的部分是我已經將IIS設置更改爲authentication =「None」,並且當我瀏覽到該網站時,仍然會提示您輸入Windows憑據。任何想法?非常感謝! – user2197610