http://www.cnblogs.com/artech/archive/2011/05/22/authentication_01.html

https://www.cnblogs.com/Frank-yafeya/p/3283699.html

https://www.cnblogs.com/jfzhu/p/4067873.html

https://www.cnblogs.com/niaowo/p/4727378.html

1. server

a. implement UserNaePasswordValidator

using System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using System.IdentityModel.Selectors;

using System.ServiceModel;

namespace WcfService1.Common

{

    public class CustomUserNameValidator : UserNamePasswordValidator

    {

        public override void Validate(string userName, string password)

        {

            if (userName != "admin" || password != "abc123")

            {

                throw new FaultException("UserName or Password is incorrect!");

            }

        }

    }

}

b. generate certificate

makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=WcfServerCert -sky exchange –pe

c. config

<?xml version="1.0"?>

<configuration>

  <appSettings>

    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />

  </appSettings>

  <system.web>

    <compilation debug="true" targetFramework="4.7" />

    <httpRuntime targetFramework="4.7"/>

  </system.web>

  <system.serviceModel>

    <services>

      <service name="WcfService1.Service1" behaviorConfiguration="securityBehaviorConfig">

        <endpoint address="" binding="wsHttpBinding" contract="WcfService1.Contract.IService1"

                  bindingConfiguration="wsBindingConfig" />

        <host>

          <baseAddresses>

            <add baseAddress="http://localhost/wcf/Service1" />

          </baseAddresses>

        </host>

      </service>

      <service name="WcfService1.UserService">

        <endpoint address="" behaviorConfiguration="WcfService1.UserServiceAspNetAjaxBehavior"

          binding="webHttpBinding" contract="WcfService1.UserService" />

      </service>

    </services>

    <behaviors>

      <endpointBehaviors>

        <behavior name="WcfService1.UserServiceAspNetAjaxBehavior">

          <webHttp  />

        </behavior>

      </endpointBehaviors>

      <serviceBehaviors>

        <behavior>

          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />

          <serviceDebug includeExceptionDetailInFaults="true" />

        </behavior>

        <behavior name="securityBehaviorConfig">

          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />

          <serviceDebug includeExceptionDetailInFaults="true" />

          <serviceCredentials>

            <serviceCertificate findValue="WcfServerCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>

            <userNameAuthentication

              userNamePasswordValidationMode="Custom"

              customUserNamePasswordValidatorType="WcfService1.Common.CustomUserNameValidator, WcfService1"/>

          </serviceCredentials>

        </behavior>

      </serviceBehaviors>

    </behaviors>

    <bindings>

      <wsHttpBinding>

        <binding name="wsBindingConfig">

          <security mode="Message">

            <message clientCredentialType="UserName" />

          </security>

        </binding>

      </wsHttpBinding>

    </bindings>

    <protocolMapping>

      <add binding="basicHttpsBinding" scheme="https" />

    </protocolMapping>

    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"

      multipleSiteBindingsEnabled="true" />

  </system.serviceModel>

  <system.webServer>

    <modules runAllManagedModulesForAllRequests="true"/>

    <!--

        To browse web app root directory during debugging, set the value below to true.

        Set to false before deployment to avoid disclosing web app folder information.

      -->

    <directoryBrowse enabled="true"/>

  </system.webServer>

  <system.diagnostics>

    <sources>

      <source name="System.ServiceModel"

              switchValue="Information, ActivityTracing"

              propagateActivity="true" >

        <listeners>

          <add name="xml"/>

        </listeners>

      </source>

      <source name="System.ServiceModel.MessageLogging">

        <listeners>

          <add name="xml"/>

        </listeners>

      </source>

      <source name="myUserTraceSource"

              switchValue="Information, ActivityTracing">

        <listeners>

          <add name="xml"/>

        </listeners>

      </source>

    </sources>

    <sharedListeners>

      <add name="xml"

           type="System.Diagnostics.XmlWriterTraceListener"

           initializeData="Error.svclog" />

    </sharedListeners>

  </system.diagnostics>

</configuration>

certlm.msc 添加 IIS AppPool\AppPoolName帐号,替换AppPoolName为应用池的名称,这里为WCFDemo。

2. client

         var wsBinding = new WSHttpBinding();

            wsBinding.Security.Mode = SecurityMode.Message;

            wsBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
// for exception: Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'localhost' but the remote endpoint provided DNS

            EndpointIdentity identity = EndpointIdentity.CreateDnsIdentity("WcfServerCert");

            EndpointAddress endAddress = new EndpointAddress(new Uri("http://localhost/wcf/Service1.svc"), identity);

            using (var factory = new ChannelFactory<IService1>(wsBinding, endAddress))

            {

                factory.Credentials.UserName.UserName = "admin";

                factory.Credentials.UserName.Password = "abc123";

                factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =

                              X509CertificateValidationMode.None;

                var proxy = factory.CreateChannel();

                string result = proxy.GetData();

                Console.WriteLine(result);

            }

使用wsHttpBinding构建Message安全模式和UserName授权的更多相关文章

  1. [WCF安全3]使用wsHttpBinding构建基于SSL与UserName授权的WCF应用程序

    上一篇文章中介绍了如何使用wsHttpBinding构建UserName授权的WCF应用程序,本文将为您介绍如何使用wsHttpBinding构建基于SSL的UserName安全授权的WCF应用程序. ...

  2. [WCF安全2]使用wsHttpBinding构建UserName授权的WCF应用程序,非SSL

    上一篇文章中介绍了如何使用basicHttpBinding构建UserName授权的WCF应用程序,本文将为您介绍如何使用wsHttpBinding构建非SSL的UserName安全授权的WCF应用程 ...

  3. [WCF安全1]使用basicHttpBinding构建UserName授权的WCF应用程序

    最近到了新公司,leader让我研究一下WCF的传输安全机制.以前也做过WCF的应用,但是很少涉及安全方面的东西.所以,花了三天的时间研究了一下如何在WCF的应用程序中配置安全.在这个系列文章中,我会 ...

  4. WCF安全3-Transport与Message安全模式

    概述: WCF的安全传输主要涉及认证.消息一致性和机密性三个主题.WCF采用两种不同的机制来解决这三个涉及传输安全的问题,一般将它们成为不同的安全模式,即Transport安全模式和Message安全 ...

  5. WCF 内置绑定在不同的传输安全模式下的信道层

    basicHttpBinding Transport安全模式信道层 Message安全模式信道层 TransportWithMessageCredential安全模式信道层 TransportCred ...

  6. 学会WCF之试错法——安全配置报错分析

    安全配置报错分析 服务端配置 <system.serviceModel> <bindings> <wsHttpBinding> <binding name = ...

  7. 快速入门系列--WCF--07传输安全、授权与审核

    这部分主要涉及企业级应用的安全问题,一般来说安全框架主要提供3个典型的安全行为:认证.授权和审核.除了典型的安全问题,对于一个以消息作为通信手段的分布式应用,还需要考虑消息保护(Message Pro ...

  8. 【WCF安全】WCF 自定义授权[用户名+密码+x509证书]

    1.x509证书制作(略) 2.直接贴代码 ----------------------------------------------------------------------服务端----- ...

  9. WCF身份验证一:消息安全模式之<Certificate>身份验证

    消息安全模式的证书身份验证方式,基于WSHttpBinding绑定协议的实现过程.主要内容:基本概念,然后是制作证书.服务端配置.客户端配置.总结.这里应该和Transport传输安全模式之证书身份验 ...

随机推荐

  1. 009-jdk1.8版本新特性一-展方法,Lambda表达式,函数式接口、方法引用构造引用

    一.JDK1.8 名称:Spider(蜘蛛) 发布日期:2014-03-18 新特性: 1.1.扩展方法[接口的默认方法] Java 8允许我们给接口添加一个非抽象的方法实现,只需要使用 defaul ...

  2. xgb, lgb, Keras, LR(二分类、多分类代码)

    preprocess # 通用的预处理框架 import pandas as pd import numpy as np import scipy as sp # 文件读取 def read_csv_ ...

  3. myeclipse自定义JSP模板

  4. Lintcode: k Sum II

    Given n unique integers, number k (1<=k<=n) and target. Find all possible k integers where the ...

  5. 019-centos的yum用法

    1.检测系统是否已经安装过mysql或其依赖:# yum list installed | grep mysql(当然也可以用 rpm -qa | grep mysql) 2.卸载已经存在的mysql ...

  6. 我的sublime 插件配置

    一个插件就是一个软件 ,这就是sublime的理念 . 1.Packag control 给sublime配置插件当然少不了Package control ,首先安装 Package control ...

  7. Perl中的哈希(四)

    Perl中的哈希数据结构.相比较于数组,这种数据结构对于数据查找和统计更加方便. 一个特殊的哈希,%ENV,表示当前terminal下,通过setenv设置的variable的键值. 键:环境变量名, ...

  8. 浅谈css中渐变衔接

    无论transition还是keyframes,如何让变化更自然,这是前端应该考虑的问题. 这里,我简单总结下自己的方法. 以实践为例子. 1.图像渐变 @keyframes looppic{ fro ...

  9. MySQL从删库到跑路_高级(六)——索引

    作者:天山老妖S 链接:http://blog.51cto.com/9291927 一.索引简介 1.索引简介 索引(Index)是帮助MySQL高效获取数据的数据结构. 在MySQL中,索引属于存储 ...

  10. nginx日志过滤相同IP方法

    nginx日志过滤相同IP方法分析nginx日志的时候,统计ip怎么过滤重复的?awk '{print $2}' nginx.log |sort -rn |uniq -c |sort -rn |hea ...