WCF user name validation: Validator problem

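  • Question

  • I developed a WCF service myself and applied user name/password Message authentication to it, but a strange problem occurs when CustomUserNameValidator validates the user information. The problem is as follows. When the Validate method uses a simple user name check, such as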

    public override void Validate(string userName, string password)
    {
        if (!(userName == "test1" && password == "1tset"))
        {
            throw new SecurityTokenException("Unknown Username or Password");
        }
    }

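    Written this way there is no problem, and the client can call the corresponding service methods. But when I want to put the list of authorized users in an XML file and then read that XML in the Validate method to decide whether the current user is a legitimate user, the problem appears: the server side throws the authentication failure message "An unsecured or incorrectly secured fault was received from the other party". At first I thought the method that reads the XML was wrong, so I wanted to record some debug information from within the Validate method by writing a log (since the Validator cannot be debugged directly, which is very strange), but I found that nothing could be recorded at all, because the same error was thrown again very quickly. I would like to know whether my approach is wrong, because the authorized users surely cannot be hard-coded in the code, but I also do not want to create a separate database table to maintain the authorized users.

    This problem has been troubling me for several days. People online say it may be caused by the client's and server's system time being out of sync, but my client and server are in the same project, and the WCF service is hosted on IIS. I would like to know whether it is not possible to call other "complex" validation methods in the Validate method?

    Attached is the server configuration file content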

    <system.serviceModel>
        <behaviors>
          <serviceBehaviors>
            <behavior name="ACEServiceBehavior">
              <serviceMetadata httpGetEnabled="true"/>
              <serviceDebug includeExceptionDetailInFaults="true"/>
              <!--Credentials-->
              <serviceCredentials>
                <clientCertificate>
                  <authentication certificateValidationMode="None"/>
                </clientCertificate>
                <!--The value of attribute "findValue" must match the name when you create the certificate on the server-->
                <serviceCertificate findValue="MyServerCert" storeLocation="LocalMachine" x509FindType="FindBySubjectName" storeName="My"/>
                <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ACE.Wireless.MAS.Service.Validator.MASValidator, ACE.Wireless.MAS.Service"/>
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <bindings>
          <wsHttpBinding>
            <binding name="UserPasswordBinding">
              <security mode="Message">
                <message clientCredentialType="UserName"/>
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>
        <services>
          <service behaviorConfiguration="ACEServiceBehavior" name="ACE.Wireless.MAS.Service.AccessoryService">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="UserPasswordBinding" contract="ACE.Wireless.MAS.Service.Interface.IAccessoryService">
              <identity>
                <dns value="MyServerCert"/>
              </identity>
            </endpoint>
          </service>
        </services>
      </system.serviceModel>

    Client configuration file content (automatically generated)

    <configuration>
        <system.serviceModel>
            <bindings>
                <wsHttpBinding>
                    <binding name="WSHttpBinding_IAccessoryService" closeTimeout="00:01:00"
                        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                        maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                        messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                        allowCookies="false">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <reliableSession ordered="true" inactivityTimeout="00:10:00"
                            enabled="false" />
                        <security mode="Message">
                            <transport clientCredentialType="Windows" proxyCredentialType="None"
                                realm="" />
                            <message clientCredentialType="UserName" negotiateServiceCredential="true"
                                algorithmSuite="Default" establishSecurityContext="true" />
                        </security>
                    </binding>
                </wsHttpBinding>
            </bindings>
            <client>
                <endpoint address="http://guaizhuz-2658f9/BatteryService/ACEService.svc"
                    binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IAccessoryService"
                    contract="ACCService.IAccessoryService" name="WSHttpBinding_IAccessoryService">
                    <identity>
                        <dns value="MyServerCert" />
                    </identity>
                </endpoint>
            </client>
        </system.serviceModel>
    </configuration>

     


    • Edited by Ryan14a, December 29, 2011 13:38
    December 29, 2011 10:09
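
The XML-backed user list the question describes, as an added example that is neither the poster's code nor an answer from the thread: it resolves the file against the application root, stores salted PBKDF2 hashes instead of plain passwords, and fails closed while tracing the real cause on the server. The class name, the `~/App_Data/users.xml` path, the element and attribute names and the iteration count are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography;
using System.Web.Hosting;
using System.Xml.Linq;

// Assumed store layout (constructed for this example):
// <users><user name="test1" salt="BASE64" hash="BASE64"/></users>
public class XmlUserValidator : UserNamePasswordValidator
{
    private const int Iterations = 100000;   // assumed PBKDF2 work factor

    public override void Validate(string userName, string password)
    {
        bool ok = false;
        try
        {
            // Under IIS the process working directory is not the site folder,
            // so map the file from the application root, not a relative path.
            string path = HostingEnvironment.MapPath("~/App_Data/users.xml");
            XElement user = XDocument.Load(path).Root.Elements("user")
                .FirstOrDefault(u => (string)u.Attribute("name") == userName);
            ok = user != null && password != null && PasswordMatches(user, password);
        }
        catch (Exception ex)
        {
            // Keep the real cause server-side (needs a configured trace listener).
            Trace.TraceError("User store lookup failed: " + ex);
        }
        if (!ok)
            throw new SecurityTokenException("Unknown Username or Password");
    }

    private static bool PasswordMatches(XElement user, string password)
    {
        byte[] salt = Convert.FromBase64String((string)user.Attribute("salt"));
        byte[] expected = Convert.FromBase64String((string)user.Attribute("hash"));
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
        {
            byte[] actual = kdf.GetBytes(expected.Length);
            int diff = 0;                     // compare without an early exit
            for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ expected[i];
            return diff == 0;
        }
    }
}
```

To use it, `customUserNamePasswordValidatorType` in the service configuration would name this class and its assembly in place of the validator shown in the question.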

Answers