寺委书记

Good good study, day day up!


WCF CustomBinding 身份验证

Posted on 2013-04-12 15:31  MonkChen  阅读(888)  评论(0)    收藏  举报

 

对Windows加密和验证机制不是很了解,在做WCF安全性方面有点吃力啊,经过两天的摸索,做了一个成功的demo,通过ssl实现用户名密码的验证。里面还有很多东西不甚理解,以后慢慢学习吧,在此笔记,备忘。

1.认证模式采用SecureConversation,因此服务器和客户机都需安装数字证书,关于数字证书的制作,网上多如牛毛。

2.客户端安装证书时,必须将证书安装在“受信任的根证书颁发机构”,否则会出现问题:“The certificate that was used has a trust chain that cannot be verified.....”,“已处理证书链,但是在不受信任提供程序信任的根证书中终止。”注意:放入该存储区的证书会被本机当作根证书信任,因此自签名的测试证书只适合在测试机器上这样安装。

3.配置文件:

Server:

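<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Debug compilation is a development setting, so it is switched off here. -->
    <compilation debug="false" />
  </system.web>
  <!-- When deploying the service library project, the content of the config file must be added to the host's 
  app.config file. System.Configuration does not support config files for libraries. -->
  <system.serviceModel>
    <services>
      <service behaviorConfiguration="SecurityBehavior" name="JLCG.MIS.Server.WCF.CGService">
        <!-- Application endpoint: protected by the message security configured in compactBinding below. -->
        <endpoint address="" binding="customBinding" bindingConfiguration="compactBinding"
          contract="JLCG.MIS.Server.Contract.IMisService">
          <identity>
            <!-- Same value as the findValue of the serviceCertificate element further down. -->
            <dns value="MISCA" />
          </identity>
        </endpoint>
        <!-- Metadata endpoint: it uses GenericBinding, whose security mode is None, so anyone who can reach
             this port can read the service description without authenticating. Remove this endpoint and the
             serviceMetadata behavior once client proxies are generated, if metadata publishing is not needed. -->
        <endpoint address="mex" binding="netTcpBinding" bindingConfiguration="GenericBinding"
          name="net.tcp" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="net.tcp://10.10.0.204:7007/MisService/" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <bindings>
      <customBinding>
        <binding name="compactBinding">
          <compactMessageEncoding>
            <binaryMessageEncoding />
          </compactMessageEncoding>
          <!-- A SecureConversation session bootstrapped with UserNameForSslNegotiated: the service is
               authenticated by its X.509 certificate and the caller by user name and password.
               tcpTransport below carries no transport security of its own, so message protection
               depends entirely on this element. -->
          <security authenticationMode="SecureConversation" requireSecurityContextCancellation="true">
            <secureConversationBootstrap authenticationMode="UserNameForSslNegotiated" />
          </security>
          <tcpTransport />
        </binding>
      </customBinding>
      <netTcpBinding>
        <!-- Referenced by the mex endpoint above. Every size quota is raised to the int maximum on a binding
             with security mode None; these quotas are the guard against oversized messages, so prefer the
             smallest values that metadata exchange actually needs. -->
        <binding name="GenericBinding" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
          <security mode="None" />
        </binding>
      </netTcpBinding>
    </bindings>
    <extensions>
      <bindingElementExtensions>
        <!-- PublicKeyToken=null: the encoder assembly is referenced without a strong-name key token. -->
        <add name="compactMessageEncoding" type="Amib.WCF.CompactMessageEncodingElement, CompactMessageEncoder, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      </bindingElementExtensions>
    </extensions>
    <behaviors>
      <serviceBehaviors>
        <behavior name="SecurityBehavior">
          <serviceMetadata />
          <!-- Changed from True: when enabled, server-side exception details are returned to callers in
               faults. Turn it on only while debugging locally. -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <!-- Object-graph size and concurrency limits are set very high here; size them to the real workload. -->
          <dataContractSerializer maxItemsInObjectGraph="2147483647" />
          <serviceThrottling maxConcurrentCalls="2000" maxConcurrentInstances="2000" maxConcurrentSessions="2000" />
          <serviceTimeouts transactionTimeout="00:01:00" />
          <serviceCredentials>
            <!-- Each presented user name and password is handed to CustomValidator.Validate, which must throw
                 to reject the caller; returning normally accepts the credentials. -->
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="JLCG.MIS.Server.WCF.CustomValidator,JLCG.MIS.Server.WCF" />
            <!-- FindBySubjectName is a substring match and can select more than one certificate in the store;
                 FindByThumbprint pins exactly one. -->
            <serviceCertificate findValue="MISCA" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
  <connectionStrings>
  </connectionStrings>
</configuration>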

 client:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <extensions>
      <bindingElementExtensions>
        <!-- PublicKeyToken=null: the encoder assembly is referenced without a strong-name key token. -->
        <add name="compactMessageEncoding" type="Amib.WCF.CompactMessageEncodingElement, CompactMessageEncoder, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      </bindingElementExtensions>
    </extensions>
    <bindings>
      <customBinding>
        <binding name="MisServiceBindingConfig">
          <compactMessageEncoding>
            <binaryMessageEncoding>
              <!-- String and array quotas are raised to the int maximum, which removes the client-side cap
                   on what a reply may contain. -->
              <readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
            </binaryMessageEncoding>
          </compactMessageEncoding>
          <!-- Same security settings as the service binding: a SecureConversation session bootstrapped with
               UserNameForSslNegotiated. The user name and password come from ClientCredentials in code. -->
          <security authenticationMode="SecureConversation" requireSecurityContextCancellation="true">
            <secureConversationBootstrap authenticationMode="UserNameForSslNegotiated" />
          </security>
          <tcpTransport maxReceivedMessageSize="2147483647" />
        </binding>
      </customBinding>
    </bindings>
    <client>
      <endpoint name="MisServiceBinding_IMisService"
                address="net.tcp://10.10.30.4:7007/MisService/"
                binding="customBinding"
                bindingConfiguration="MisServiceBindingConfig"
                contract="ServiceReference.IMisService">
        <identity>
          <!-- The address is an IP literal, so this DNS identity is what ties the endpoint to the
               expected service certificate (MISCA). -->
          <dns value="MISCA" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>

 4.服务端代码

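 /// <summary>
 /// User name/password validator that the service configuration registers through
 /// customUserNamePasswordValidatorType. Returning normally from Validate accepts
 /// the caller; throwing rejects the caller.
 /// </summary>
 class CustomValidator : System.IdentityModel.Selectors.UserNamePasswordValidator
    {
        /// <summary>
        /// Checks the credentials presented by a client.
        /// </summary>
        /// <param name="userName">User name sent by the client.</param>
        /// <param name="password">Password sent by the client.</param>
        /// <exception cref="System.ArgumentNullException">Either argument is null.</exception>
        /// <exception cref="System.IdentityModel.Tokens.SecurityTokenException">Either argument is empty.</exception>
        public override void Validate(string userName, string password)
        {
            if (userName == null)
            {
                throw new System.ArgumentNullException("userName");
            }
            if (password == null)
            {
                throw new System.ArgumentNullException("password");
            }

            // An empty method body accepts every caller, including blank credentials.
            // Reject blank values outright so the validator never succeeds on them.
            if (userName.Length == 0 || password.Length == 0)
            {
                throw new System.IdentityModel.Tokens.SecurityTokenException("Unknown user name or incorrect password.");
            }

            // TODO: the credential lookup is not shown on the page. Until it is added here,
            // any non-empty pair is still accepted. The real check must throw on a mismatch,
            // with the same generic message for an unknown user and for a wrong password.
        }
    }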

5.客户端代码

// Build the proxy from the client endpoint named in the configuration file.
var client = new MisServiceClient("MisServiceBinding_IMisService");

// "userName" and "password" are the demo's placeholder literals. A real client would
// obtain them at run time (a prompt or a protected store) instead of compiling them in.
var userNameCredential = client.ClientCredentials.UserName;
userNameCredential.UserName = "userName";
userNameCredential.Password = "password";