Silverlight WCF RIA网站使用ASP.NET身份验证发布在IIS及Windows Azure的配置
以下是host WCF的网站web.config配置。
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<sectionGroup name="system.serviceModel">
<section name="domainServices" type="System.ServiceModel.DomainServices.Hosting.DomainServicesSection, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" allowDefinition="MachineToApplication" requirePermission="false" />
</sectionGroup>
</configSections>
<connectionStrings>
<add name="CredentialsServices" connectionString="data source=SQLSERVERName;Initial Catalog=DBName;Persist Security Info=True;User ID=UserID;Password=UserPsw;" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<httpModules>
<add name="DomainServiceModule" type="System.ServiceModel.DomainServices.Hosting.DomainServiceHttpModule, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</httpModules>
<compilation debug="true" targetFramework="4.0">
<assemblies>
</assemblies>
</compilation>
<globalization culture="auto" uiCulture="auto" />
<authentication mode="Forms">
<forms name=".Inventory.UI_ASPXAUTH" timeout="2880" />
</authentication>
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="CredentialsServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="CredentialsServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<profile>
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="CredentialsServices" applicationName="/" />
</providers>
<properties>
<add name="FriendlyName" />
</properties>
</profile>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<add name="DomainServiceModule" preCondition="managedHandler" type="System.ServiceModel.DomainServices.Hosting.DomainServiceHttpModule, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</modules>
<directoryBrowse enabled="false" />
<defaultDocument>
<files>
<add value="Default.html" />
</files>
</defaultDocument>
</system.webServer>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<!--aspNetCompatibilityEnabled must be true else you will not could use AspNet Credentials service. Added by Cubean 2011.06.14 17:48-->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
<configSections>
<sectionGroup name="system.serviceModel">
<section name="domainServices" type="System.ServiceModel.DomainServices.Hosting.DomainServicesSection, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" allowDefinition="MachineToApplication" requirePermission="false" />
</sectionGroup>
</configSections>
<connectionStrings>
<add name="CredentialsServices" connectionString="data source=SQLSERVERName;Initial Catalog=DBName;Persist Security Info=True;User ID=UserID;Password=UserPsw;" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<httpModules>
<add name="DomainServiceModule" type="System.ServiceModel.DomainServices.Hosting.DomainServiceHttpModule, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</httpModules>
<compilation debug="true" targetFramework="4.0">
<assemblies>
</assemblies>
</compilation>
<globalization culture="auto" uiCulture="auto" />
<authentication mode="Forms">
<forms name=".Inventory.UI_ASPXAUTH" timeout="2880" />
</authentication>
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="CredentialsServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="CredentialsServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<profile>
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="CredentialsServices" applicationName="/" />
</providers>
<properties>
<add name="FriendlyName" />
</properties>
</profile>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<add name="DomainServiceModule" preCondition="managedHandler" type="System.ServiceModel.DomainServices.Hosting.DomainServiceHttpModule, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</modules>
<directoryBrowse enabled="false" />
<defaultDocument>
<files>
<add value="Default.html" />
</files>
</defaultDocument>
</system.webServer>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<!--aspNetCompatibilityEnabled must be true else you will not could use AspNet Credentials service. Added by Cubean 2011.06.14 17:48-->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
注意,其中aspNetCompatibilityEnabled="true" 必须有,否则身份验证服务无效。
另外,发布在IIS后,需要在IIS的配置中将该网站身份验证中的ASP.NET模拟启用。否则身份验证将无效。
对于仅需要在IIS中发布网站及服务的系统来讲,配置文件中的membership, roleManager, profile的provider信息都可省略,因为.net 4.0内置的asp.net身份认证接口已经缺省配置为AspNetSqlProvider。如果使用SQL Express产生的App_Data目录下的缺省的身份验证服务数据库ASPNETDB.MDF,那么配置文件中的connectionStrings也可以省略。
如果发布在Windows Azure,则需要照以上配置,然后将其中的连接字符串改成Azure下的连接方式——storage或者sql Azure。
对于Silverlight的网站,为了能够在网站外存取该网站下的服务(譬如调试UI调用远程服务),需要加入DomainService服务。Visual Studio 2010会在Silverlight的WCF RIA程序生成向导中自动在web.config中加入跟DomainService相关的三条内容。另外,对于远程调用的服务,其发布的网站根目录必须添加一个clientacdesspolicy.xml文件。
<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>