使用用戶名和密碼時有點新的WCF服務。我遵循http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti的教程,以便用用戶名和密碼保護我的Web服務。使用用戶名和密碼的WCF服務
我的配置文件低於
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="false" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<services>
<service behaviorConfiguration="NewBehavior0" name="TService">
<endpoint address="mex" binding="mexHttpBinding" contract="ITechnology" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="NewBinding0">
<security>
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="NewBehavior0">
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust" />
</clientCertificate>
<serviceCertificate findValue="Server" storeLocation="CurrentUser"
storeName="TrustedPeople" x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="TService, Services1"/>
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
現在我可以查看我的瀏覽器的WDSL,我知道證書作品在本地的預期。當我使用WCF測試工具連接到服務時,它不會提示我輸入用戶名和密碼。
根據我發佈的鏈接和以下我甚至沒有做最後一步(添加代碼來傳遞用戶名和密碼),但我仍然可以連接到服務並檢索所有數據。
我錯過了什麼以及如何限制只有用戶名和密碼允許用戶/服務檢索數據的服務?
編輯1:
<system.serviceModel>
<services>
<service behaviorConfiguration="NewBehavior0" name="TechService">
<endpoint address="mex" binding="mexHttpBinding" contract="ITechService" />
<endpoint address="TechService.svc" binding="wsHttpBinding" bindingConfiguration="" contract="ITechService" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="NewBinding0">
<security>
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="NewBehavior0">
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust" />
</clientCertificate>
<serviceCertificate findValue="Server" storeLocation="CurrentUser"
storeName="TrustedPeople" x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="TechService, Services1"/>
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
您的服務元素和端點元素應該具有名稱和合約屬性爲完全限定名稱,即namespace.TService和namespace.ITechnology。根據你的配置,你的端點沒有使用合適的綁定機制。它應該是wsHttpBinding或basicHttpBinding與運輸安全 – Rajesh