【转载】WCF 客户端识别认证之UserName认证
原文地址:
http://blog.csdn.net/zxz414644665/article/details/9308055
过程:用户调用service,服务端验证用户传来的用户名和密码(传输过程用X509证书验证及加解密),验证通过则给予调用服务。
1. 生成证书:这里只会生成一个测试用的证书(使用makecert.exe生成),生成完成之后再使用MMC Console给予相应的权限(Manage Private Keys…)。
makecert.exe -sr LocalMachine -ss My -n CN=MyServerCert -sky exchange –pe
2.Server端: 用VS2010 IDE新建一个“WCF Service Application”项目方案,实现我们自己的UserName认证方法,其实就是继承UserNamePasswordValidator(需要添加对System.IdentityModel.dll引用)并重写方法Validate。
- /// <summary>
- /// MyCustomValidator.cs
- /// </summary>
- public class MyCustomValidator: UserNamePasswordValidator
- {
- /// <summary>
- /// Override Validate method to implement custom validation
- /// </summary>
- /// <param name="userName">Username</param>
- /// <param name="password">Password</param>
- public override void Validate(string userName, string password)
- {
- if (string.IsNullOrEmpty(userName))
- {
- throw new ArgumentNullException("userName");
- }
- if (string.IsNullOrEmpty(password))
- {
- throw new ArgumentNullException("password");
- }
- // This is for testing purpose
- if (userName != "Admin" || password != "123456")
- {
- // Why we can't catch this fault exception in client
- FaultException fault =
- new FaultException(
- new FaultReason("UserName or password is wrong!"),
- new FaultCode("Error:0x0001"));
- throw fault;
- }
- }
- }
在这之后写我们的服务,很简单。
- [ServiceContract]
- public interface IValidationService
- {
- [OperationContract]
- string PrintMessage(string message);
- public class ValidationService : IValidationService
- {
- public string PrintMessage(string message)
- {
- Console.WriteLine("Message = " + message);
- return message;
- }
到这里Server端的代码基本上完成了,接下来就是如何让这些代码能够协同工作,那就需要修改我们的配置文件Web.config,有3个地方需要修改或者添加。
第一,添加binding,这里我们添加wsHttpBinding;
- <!-- Manually added bindings -->
- <bindings>
- <wsHttpBinding>
- <binding name="mySecurityBinding">
- <security mode="Message">
- <message clientCredentialType="UserName" />
- </security>
- </binding>
- </wsHttpBinding>
- </bindings>
第二,添加对UserName认证的配置,即serviceCredentials配置
- <!-- Manually added credentials -->
- <serviceCredentials>
- <serviceCertificate findValue="MyServerCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
- <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFValidationServer.CustomValidation.MyCustomValidator,WCFValidationServer" />
- </serviceCredentials>
第三,配置必不可少的endpoint;
- <!-- Manually added service endpoint -->
- <services>
- <service behaviorConfiguration="WCFValidationServer.ValidationServiceBehavior" name="WCFValidationServer.ValidationService">
- <endpoint address="" binding="wsHttpBinding" contract="WCFValidationServer.IValidationService"
- bindingConfiguration="mySecurityBinding">
- <identity>
- <dns value="MyServerCert" />
- </identity>
- </endpoint>
- <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
- </service>
- </services>
至此,Server端还需要做最后一件事情,即host到IIS中,这里就不多说了,测试host成功既可。
3. Client端:同样的,用VS2010新建一个“ASP.NET Web Application”项目方案,添加对WCF service的引用,IDE会自动添加WCF的相关配置工作,这里有一点需要注意,因为我们的证书并不是真正意义上的证书,只是测试生成的,所以这个证书并不会通过验证,所以当我们客户端访问服务的时候会报错的(具体的错误不说了,自己试了就知道),我们需要在客户端添加一个自己的X509证书验证方法,这里为了测试方面,我们重新的Validate方法是空的,即不做任何认证判断。
- public class MyX509Validator : X509CertificateValidator
- {
- public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
- {
- }
- }
好了,代码完成,同样我们需要修改客户端的Web.config配置文件来让这段代码起作用,添加如下的behavior,并将client的endpoint的behaviorConfiguration设置为我们添加的。
- <client>
- <endpoint address="http://localhost:8000/ValidationService.svc"
- binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IValidationService"
- contract="WCFValidationService.IValidationService" name="WSHttpBinding_IValidationService" behaviorConfiguration="myClientBehavior">
- <identity>
- <dns value="MyServerCert" />
- </identity>
- </endpoint>
- </client>
- <behaviors>
- <endpointBehaviors>
- <behavior name="myClientBehavior">
- <clientCredentials>
- <serviceCertificate>
- <authentication certificateValidationMode="Custom" customCertificateValidatorType="WCFValidationClient.MyX509Validator,WCFValidationClient" />
- </serviceCertificate>
- </clientCredentials>
- </behavior>
- </endpointBehaviors>
- </behaviors>
好了,至此我们的整个项目就完成了。客户端的界面及调用service就不说了,可以看我上载的源代码。