有一個問題,同時使利用WCF與的WebHttpBinding設置爲基本身份驗證(HttpClientCredentialType.Basic)從客戶雙重要求,同時使利用WCF與POX的WebHttpBinding REST調用設置爲基本身份驗證
而不是一個呼叫POX REST調用在HTTP標題中指定「授權:基本」時,將進行兩個調用。首先不進行身份驗證的呼叫,以及401未授權錯誤的服務響應,第二次呼叫具有適當的身份驗證信息。
這似乎是由WCF服務處理,沒有任何打嗝。調用第三方服務顯然會造成問題,因爲他們立即迴應錯誤。
服務代碼:
[ServiceContract]
public interface IService
{
[OperationContract]
[WebInvoke(BodyStyle = WebMessageBodyStyle.Bare,
RequestFormat = WebMessageFormat.Xml,
UriTemplate = "")]
Message SendData(Message message);
}
public class Service : IService
{
public Message SendData(Message message)
{ return Message.CreateMessage(MessageVersion.None, String.Empty, "test");
}
}
客戶端代碼:
public class Client: WebChannelFactory<IService>, IService
{
public Client(Uri baseUri, string userName, string password)
: base(CreateBinding(),
baseUri)
{
Credentials.UserName.UserName = userName;
Credentials.UserName.Password = password;
}
public Message SendData(Message requestMessage)
{
var channel = CreateChannel();
Message responseMessage = channel.SendData(requestMessage);
return responseMessage;
}
private static Binding CreateBinding()
{
var binding = new WebHttpBinding();
binding.Security.Mode = WebHttpSecurityMode.TransportCredentialOnly;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
return binding;
}
}
使用TcpTrace我看到這些的請求背靠背:
POST/HTTP/1.1
Content-Type: application/xml; charset=utf-8
VsDebuggerCausalityData: uIDPo2lH6p+lUOdFmrqDKGWYeQkAAAAA7+Y4QR6wNUWZmwCaasMx7xrfcJZxph9NocstwCh8NQsACQAA
Host: localhost:9090
Content-Length: 89
Expect: 100-continue
Connection: Keep-Alive
<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">test request</string>
POST/HTTP/1.1
Content-Type: application/xml; charset=utf-8
VsDebuggerCausalityData: uIDPo2lH6p+lUOdFmrqDKGWYeQkAAAAA7+Y4QR6wNUWZmwCaasMx7xrfcJZxph9NocstwCh8NQsACQAA
Authorization: Basic dGVzdDp0ZXN0
Host: localhost:9090
Content-Length: 89
Expect: 100-continue
<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">test request</string>
注僅次於調用包含: 授權:基本dGVzdDp0ZXN0 如何停止第一個請求(未經授權)?與TcpTrace實用
樣品溶液可以在這裏下載:
WCF-BasicAuthenticationIssue.zip
拉莫斯, 非常感謝你爲你解答。這很明顯。 – 2009-09-22 21:59:01
你說_Basic認證是在兩個call_中完成的,但不應該說_Asas認證**可以在兩個call_中完成**,因爲RFC 2617沒有明確說第一個請求不能包含憑證。 – 2017-12-15 03:58:56