这几天我一直在寻找这个。
我只是想使用基本 HTTP 身份验证将用户名/密码传递到我的 RESTful 服务中。其他一切都很好用!
这是我的 web.config 的样子:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</modules>
</system.webServer>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<standardEndpoints>
<webHttpEndpoint>
<!--
Configure the WCF REST service base address via the global.asax.cs file and the default endpoint
via the attributes on the <standardEndpoint> element below
-->
<standardEndpoint name="" helpEnabled="true" defaultOutgoingResponseFormat="Json" automaticFormatSelectionEnabled="true"/>
</webHttpEndpoint>
</standardEndpoints>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ParkingPandaREST.CustomUserNameValidator, ParkingPandaREST" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
然后我创建了一个具有以下内容的 CustomUserNameValidator 类:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace ParkingPandaREST
{
public class CustomUserNameValidator : System.IdentityModel.Selectors.UserNamePasswordValidator
{
// This method validates users. It allows in two users, test1 and test2
// with passwords 1tset and 2tset respectively.
// This code is for illustration purposes only and
// must not be used in a production environment because it is not secure.
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
{
throw new ArgumentNullException();
}
if (!(userName == "test1" && password == "1tset") && !(userName == "test2" && password == "2tset"))
{
// This throws an informative fault to the client.
throw new System.ServiceModel.FaultException("Unknown Username or Incorrect Password");
// When you do not want to throw an infomative fault to the client,
// throw the following exception.
// throw new SecurityTokenException("Unknown Username or Incorrect Password");
}
}
}
}
我只是在我的本地机器上运行该服务,并试图在 CustomUserNameValidator 类中设置一个断点,但它永远不会到达那里。所以我现在没有使用 SSL,只是想获取传入的用户名/密码。
最佳答案
这是我想出的答案。它可能需要稍微调整一下,但它是完成工作所需的核心。
注意:关闭 IIS 中的基本身份验证
// Get the Header Authorization Value
string headerValue = operationContext.IncomingRequest.Headers[HttpRequestHeader.Authorization];
headerValue = headerValue.Replace("Basic ", "");
headerValue = DecodeBase64String(headerValue);
// Get Username and Password
string userName = headerValue.Substring(0, headerValue.IndexOf(":"));
string password = headerValue.Substring(headerValue.IndexOf(":") + 1, headerValue.Length - userName.Length - 1);
// Do Custom Authorization here with the userName and password
.......
这里还有 DecodeBase64String 函数
public static string DecodeBase64String(string encodedData)
{
byte[] encodedDataAsBytes = System.Convert.FromBase64String(encodedData);
string returnValue = System.Text.ASCIIEncoding.ASCII.GetString(encodedDataAsBytes);
return returnValue;
}
希望对遇到同样问题的其他人有所帮助 - 干杯!
关于c# - WCF .net 4.0 HTTP 基本身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5872679/