2010-10-27 82 views
1

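ASP.NET Membership Provider authentication not authenticating a WCF service

I have a SqlMembershipProvider store with roles enabled. This is configured and has the user "devtest" in the roles "xxUser" and "xxAdmin".

I also have a WCF service that I want to authenticate and authorize against. My problems are:

  1. Authorization just does not happen; despite the policy attribute, the code simply executes
  2. I do not get any identity or security context, so I do not know who is calling the service

I need to:

  1. Know which user is calling the method
  2. Some degree of rejecting users if the permissions do not match (ideally this should be enforced within the RoleProvider/MembershipProvider/WCF, but I can do it myself if I have to)
  3. Over SSL transport

I have my service contract set up like this: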

[ServiceContract] 
    public interface ISupportService 
    { 
     [OperationContract] 
     [PrincipalPermission(SecurityAction.Demand, Role = "ThisRoleDoesNotExist")] 
     List<BaseInterestRate> GetAllBaseInterestRates(); 
    } 

The code is simple enough:

public class SupportService : ISupportService 
{ 
    public List<BaseInterestRate> GetAllBaseInterestRates() 
    { 
     OperationContext operationContext = OperationContext.Current; 
     ServiceSecurityContext serviceSecurityContext = ServiceSecurityContext.Current; // is always null 

     using (xxxEntities entities = new xxxEntities()) 
     { 
      return new List<BaseInterestRate>(entities.BaseInterestRates); 
     } 
    }
}

My service configuration is like this:

<behaviors> 
    <serviceBehaviors> 
     <behavior name="SupportServiceBehavior"> 
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> 
      <serviceDebug includeExceptionDetailInFaults="false" /> 
      <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider" /> 
      <serviceCredentials> 
       <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" 
membershipProviderName="SqlMembershipProvider" /> 
      </serviceCredentials> 
     </behavior> 
    <behavior>  
     <serviceMetadata httpGetEnabled="true"/> 
     <serviceDebug includeExceptionDetailInFaults="false"/> 
    </behavior> 
    </serviceBehaviors> 
</behaviors> 
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> 

The MembershipProvider has already been configured:

<membership defaultProvider="SqlMembershipProvider" > 
     <providers> 
      <clear/> 
      <add name="SqlMembershipProvider" 
    connectionStringName="SqlMembershipProvider" 
    applicationName="xxx" 
    type="System.Web.Security.SqlMembershipProvider" /> 
     </providers> 
    </membership> 
    <roleManager enabled="true"> 
     <providers> 
      <clear /> 
      <add connectionStringName="SqlMembershipProvider" applicationName="xxx" 
      name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" /> 
      <add applicationName="xxx" name="AspNetWindowsTokenRoleProvider" 
      type="System.Web.Security.WindowsTokenRoleProvider" /> 
     </providers> 
    </roleManager> 

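I followed the instructions on these pages to the letter:

I would at least expect problems with certificates/transport/etc. to fail with exceptions, but I can debug straight into the WCF call. I have no security context/user context available, and when I use a user who is not in the two roles mentioned above (which I do in the code sample above), I do not get "kicked out".

My client application is currently a web application, but it will eventually also serve a Windows Forms application and a test suite. I am currently using the ASP.NET WebDev server and running .NET 4.0.

Am I missing something?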

+0

What attributes does the implementation of ISupportService have? – Aliostad 2010-10-27 11:43:09

+0

The implementing class has no attributes. I have updated the post to reflect this. – 2010-10-27 12:31:20

Answers

0

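I'm a bit new to WCF REST services, but I ran into a similar problem in my own testing. I came across this video, which helped a bit (even though it is not exactly what I wanted to do):

http://channel9.msdn.com/blogs/rojacobs/endpointtv-securing-restful-services-with-aspnet-membership

The essence of the problem was that, in the ASP.NET configuration, I had to disable anonymous access in order for it to use the MembershipProvider authentication: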

<system.web>
    <authorization> 
     <deny users="?" /> 
    </authorization> 
... 
+0

Thanks. Over time, I have actually abandoned it. I am using a CustomUserNamePasswordValidator. Blogged here: http://bloggingabout.net/blogs/program.x/archive/2011/01/20/silverlight-and-asp-net-compatible-wcf-over-ssl.aspx This is what I wanted all along! – 2011-01-24 16:21:55

0

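I don't think you can set the principal permission on the interface. I bet that if you move it to the method in the service implementation, it will work,

or at least start breaking for a different reason (I am currently stuck at that point - I get an access denied exception - hopefully you won't!)

(I first tried putting them on the contract interface too)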
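
The change this answer suggests, as an added example that is not code from the question or the answer: the `PrincipalPermission` demand sits on the implementation method, and the caller's name is read from the thread principal. The `Demo` class, the `xxAdmin` demand, the `guest` user and the stand-in `BaseInterestRate` type are assumptions; the sketch targets .NET Framework and sets `Thread.CurrentPrincipal` by hand, which WCF does itself when `principalPermissionMode="UseAspNetRoles"` is applied to the service.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;
using System.Threading;

// Stand-in for the question's entity type (assumption).
public class BaseInterestRate { public decimal Rate { get; set; } }

[ServiceContract]
public interface ISupportService
{
    [OperationContract] // contract only; the role demand lives on the implementation
    List<BaseInterestRate> GetAllBaseInterestRates();
}

public class SupportService : ISupportService
{
    // Checked against Thread.CurrentPrincipal before the method body runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "xxAdmin")]
    public List<BaseInterestRate> GetAllBaseInterestRates()
    {
        // The authenticated caller, once the demand has passed.
        string caller = Thread.CurrentPrincipal.Identity.Name;
        Console.WriteLine("GetAllBaseInterestRates called by " + caller);
        return new List<BaseInterestRate> { new BaseInterestRate { Rate = 0.5m } }; // constructed data
    }
}

public static class Demo
{
    // Simulates what WCF does per call: install a principal, then invoke the operation.
    static bool TryCall(string user, params string[] roles)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        try { new SupportService().GetAllBaseInterestRates(); return true; }
        catch (SecurityException) { return false; } // demand failed: caller lacks the role
    }

    public static void Main()
    {
        Console.WriteLine("devtest allowed: " + TryCall("devtest", "xxUser", "xxAdmin"));
        Console.WriteLine("guest allowed:   " + TryCall("guest", "xxUser"));
    }
}
```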

0

This is the correct configuration for a self-hosted WCF service using SSL:

<?xml version="1.0"?> 
<configuration> 
    <startup> 
     <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/> 
    </startup> 
    <connectionStrings> 
     <add name="mySqlConnection" connectionString="Data Source=.\SQLEXPRESS2012;Integrated Security=SSPI;Initial Catalog=aspnetdb;"/> 
    </connectionStrings> 
    <system.web> 
     <compilation debug="true"/> 
     <!-- Configure the Sql Membership Provider --> 
     <membership defaultProvider="MySqlMembershipProvider" userIsOnlineTimeWindow="15"> 
     <providers> 
      <clear/> 
      <add name="MySqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="mySqlConnection" applicationName="UsersManagementNavigationApplication" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed"/> 
     </providers> 
     </membership> 

     <!-- Configure the Sql Role Provider --> 
     <roleManager enabled="true" defaultProvider="MySqlRoleProvider"> 
     <providers> 
      <clear/> 
      <add name="MySqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="mySqlConnection" applicationName="UsersManagementNavigationApplication"/> 
     </providers> 
     </roleManager> 
    </system.web> 
    <system.serviceModel> 
     <bindings> 
     <webHttpBinding> 
      <binding name="webBinding"> 
       <security mode="Transport"> 
        <transport clientCredentialType="Basic"/> 
       </security> 
      </binding> 
     </webHttpBinding> 
     <basicHttpBinding> 
      <binding name="basicBindingConfiguration"> 
       <security mode="Transport"> 
        <transport clientCredentialType="Basic"/> 
       </security> 
      </binding> 
     </basicHttpBinding> 
     </bindings> 
     <behaviors> 
     <endpointBehaviors> 
      <behavior name="webEndpointBehavior"> 
       <webHttp/> 
      </behavior> 
     </endpointBehaviors> 
     <serviceBehaviors> 
      <behavior name="webServiceBehavior"> 
       <serviceMetadata httpsGetEnabled="true"/> 
       <serviceThrottling/> 
       <serviceDebug/> 
      </behavior> 
      <behavior name="myServiceBehavior"> 
       <!-- Configure role based authorization to use the Role Provider --> 
       <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="MySqlRoleProvider"> 
       </serviceAuthorization> 
       <serviceCredentials> 
        <!-- Configure user name authentication to use the Membership Provider --> 
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WcfServiceHTTPSSelfHosted.MyCustomValidator, WcfServiceHTTPSSelfHosted" /> 
       </serviceCredentials> 
       <!-- To avoid disclosing metadata information, set the value below to false before deployment --> 
       <serviceMetadata httpsGetEnabled="true"/> 
       <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
       <serviceDebug includeExceptionDetailInFaults="false"/> 
      </behavior> 
     </serviceBehaviors> 
     </behaviors> 
     <services> 
     <service behaviorConfiguration="myServiceBehavior" name="WcfServiceHTTPSSelfHosted.WcfServiceHTTPSSelfHosted"> 
      <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicBindingConfiguration" contract="WcfServiceHTTPSSelfHosted.IWcfServiceHTTPSSelfHosted"/> 
      <endpoint address="web" behaviorConfiguration="webEndpointBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="WcfServiceHTTPSSelfHosted.IWcfServiceHTTPSSelfHosted"/> 
      <endpoint address="mex" binding="mexHttpsBinding" bindingConfiguration="" contract="IMetadataExchange"/> 
      <host> 
       <baseAddresses> 
        <add baseAddress="https://localhost:50001/WcfServiceHTTPSSelfHosted/"/> 
       </baseAddresses> 
      </host> 
     </service> 
     </services> 
    </system.serviceModel> 
</configuration> 

If you want more information, take a look at these:

http://www.albertoschiassi.it/Home/tabid/55/EntryId/94/Use-ASP-NET-SqlMemberShipProvider-in-WCF-self-hosted-service.aspx

http://www.albertoschiassi.it/Home/tabid/55/EntryId/95/Use-ASP-NET-SqlMemberShipProvider-in-WCF-self-hosted-service-with-SSL.aspx
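
The configuration above names `WcfServiceHTTPSSelfHosted.MyCustomValidator` but the page does not show it. One way such a validator can delegate to the configured membership provider, as an added example that is not the answer author's code: the class body, the injectable `isValid` delegate, `ValidatorDemo` and the in-memory credentials are assumptions made so the check can be exercised without a membership database.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Web.Security;

namespace WcfServiceHTTPSSelfHosted
{
    public class MyCustomValidator : UserNamePasswordValidator
    {
        private readonly Func<string, string, bool> isValid;

        // WCF instantiates the validator through the parameterless constructor,
        // which checks credentials against the default membership provider.
        public MyCustomValidator() : this(Membership.ValidateUser) { }

        // Hypothetical overload so the logic can be tested against another store.
        public MyCustomValidator(Func<string, string, bool> isValid) { this.isValid = isValid; }

        public override void Validate(string userName, string password)
        {
            // Fail closed, with one message for every failure so the response
            // does not reveal whether the user name exists.
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)
                || !isValid(userName, password))
                throw new SecurityTokenValidationException("Unknown user name or bad password.");
        }
    }

    public static class ValidatorDemo
    {
        static bool Accepts(MyCustomValidator v, string user, string password)
        {
            try { v.Validate(user, password); return true; }
            catch (SecurityTokenValidationException) { return false; }
        }

        public static void Main()
        {
            // Constructed credentials standing in for the membership database.
            var users = new Dictionary<string, string> { { "devtest", "constructed-password" } };
            var v = new MyCustomValidator((u, p) => { string s; return users.TryGetValue(u, out s) && s == p; });
            Console.WriteLine("good password accepted: " + Accepts(v, "devtest", "constructed-password"));
            Console.WriteLine("bad password accepted:  " + Accepts(v, "devtest", "wrong"));
            Console.WriteLine("empty user accepted:    " + Accepts(v, "", "constructed-password"));
        }
    }
}
```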