我在我的WCF服务中使用基本身份验证.并且还使用ASP Membership provider进行身份验证.
Web.Config: 对于REST服务:
验证类型和模式:
在调用任何方法之前,会先执行我的BasicAuthentication类.代码如下所示:
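namespace BasicAuth.Service
{
    /// <summary>
    /// Operation behavior attribute that replaces the operation's invoker with itself so that
    /// HTTP Basic credentials are validated against the ASP.NET Membership provider before the
    /// wrapped operation runs.
    /// </summary>
    /// <remarks>
    /// NOTE(review): Basic credentials are only base64-encoded, not encrypted. The binding and
    /// transport configuration is not visible in this file; confirm the endpoint is HTTPS-only.
    /// </remarks>
    public class BasicAuthenticationInvoker : Attribute, IOperationBehavior, IOperationInvoker
    {
        #region Private Fields

        // Invoker WCF originally assigned to the operation; called only after authentication succeeds.
        private IOperationInvoker _invoker;

        #endregion Private Fields

        #region IOperationBehavior Members

        /// <summary>
        /// Keeps the operation's original invoker and installs this instance in its place.
        /// </summary>
        public void ApplyDispatchBehavior(OperationDescription operationDescription, DispatchOperation dispatchOperation)
        {
            _invoker = dispatchOperation.Invoker;
            dispatchOperation.Invoker = this;
        }

        /// <summary>No client-side behavior.</summary>
        public void ApplyClientBehavior(OperationDescription operationDescription, ClientOperation clientOperation)
        {
        }

        /// <summary>No binding parameters are added.</summary>
        public void AddBindingParameters(OperationDescription operationDescription, BindingParameterCollection bindingParameters)
        {
        }

        /// <summary>No validation is performed.</summary>
        public void Validate(OperationDescription operationDescription)
        {
        }

        #endregion IOperationBehavior Members

        #region IOperationInvoker Members

        /// <summary>
        /// Authenticates the current request and, on success, forwards the call to the wrapped invoker.
        /// </summary>
        /// <returns>
        /// The wrapped operation's result, or <c>null</c> (with <paramref name="outputs"/> set to
        /// <c>null</c>) when authentication fails; in that case the response has already been marked
        /// 401 by <see cref="Authenticate"/>.
        /// </returns>
        public object Invoke(object instance, object[] inputs, out object[] outputs)
        {
            // A leftover Debugger.Break() was removed here: it halts the request thread whenever a
            // debugger is attached, which has no place on the authentication path of a hosted service.
            if (Authenticate())
            {
                return _invoker.Invoke(instance, inputs, out outputs);
            }

            outputs = null;
            return null;
        }

        /// <summary>Delegates input allocation to the wrapped invoker.</summary>
        public object[] AllocateInputs()
        {
            return _invoker.AllocateInputs();
        }

        /// <summary>Asynchronous invocation is not supported; see <see cref="IsSynchronous"/>.</summary>
        /// <exception cref="NotSupportedException">Always thrown.</exception>
        public IAsyncResult InvokeBegin(object instance, object[] inputs, AsyncCallback callback, object state)
        {
            throw new NotSupportedException();
        }

        /// <summary>Asynchronous invocation is not supported; see <see cref="IsSynchronous"/>.</summary>
        /// <exception cref="NotSupportedException">Always thrown.</exception>
        public object InvokeEnd(object instance, out object[] outputs, IAsyncResult result)
        {
            throw new NotSupportedException();
        }

        /// <summary>Always <c>true</c>: only the synchronous <see cref="Invoke"/> path is implemented.</summary>
        public bool IsSynchronous
        {
            get { return true; }
        }

        #endregion IOperationInvoker Members

        /// <summary>
        /// Validates the request's Basic credentials with <c>Membership.ValidateUser</c>. On success
        /// the thread principal is set to the user and their roles; on failure the response is given
        /// a <c>WWW-Authenticate</c> challenge and status 401.
        /// </summary>
        /// <returns><c>true</c> when the credentials are valid; otherwise <c>false</c>.</returns>
        private bool Authenticate()
        {
            string[] credentials = GetCredentials(WebOperationContext.Current.IncomingRequest.Headers);

            if (credentials != null && credentials.Length == 2)
            {
                string username = credentials[0];
                string password = credentials[1];

                if (Membership.ValidateUser(username, password))
                {
                    string[] roles = Roles.GetRolesForUser(username);

                    // NOTE(review): the principal is set on the current thread and never restored here.
                    // Confirm the host does not let it carry over to a later request served by the
                    // same thread for an operation that lacks this attribute.
                    Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), roles);
                    return true;
                }
            }

            // Same response for missing, malformed and wrong credentials, so the caller cannot tell
            // which check failed.
            WebOperationContext.Current.OutgoingResponse.Headers["WWW-Authenticate"] = string.Format("Basic realm=\"{0}\"", string.Empty);
            WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Unauthorized;
            return false;
        }

        /// <summary>
        /// Extracts the user name and password from a Basic <c>Authorization</c> header.
        /// </summary>
        /// <param name="headers">Request headers to read the <c>Authorization</c> value from.</param>
        /// <returns>
        /// A two-element array (user name, password), or <c>null</c> when the header is absent,
        /// is not a Basic scheme, is not valid base64, or contains no ':' separator.
        /// </returns>
        private string[] GetCredentials(WebHeaderCollection headers)
        {
            if (headers == null)
            {
                return null;
            }

            // Read from the collection that was passed in rather than re-reading the ambient context.
            string header = headers["Authorization"];
            if (header != null)
            {
                header = header.Trim();
            }

            if (string.IsNullOrEmpty(header))
            {
                return null;
            }

            // Tolerate more than one space between the scheme and the token.
            string[] parts = header.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
            if (parts.Length != 2 || !parts[0].Equals("basic", StringComparison.OrdinalIgnoreCase))
            {
                return null;
            }

            string decoded;
            try
            {
                // Encoding.ASCII turns bytes above 0x7F into '?', so credentials containing
                // non-ASCII characters will not validate.
                decoded = Encoding.ASCII.GetString(Convert.FromBase64String(parts[1]));
            }
            catch (FormatException)
            {
                // Malformed base64 is treated as "no credentials"; other exceptions are no longer swallowed.
                return null;
            }

            // Split on the FIRST ':' only: the password may itself contain ':' characters, and a
            // plain Split(':') rejected such users outright.
            int separator = decoded.IndexOf(':');
            if (separator < 0)
            {
                return null;
            }

            return new[] { decoded.Substring(0, separator), decoded.Substring(separator + 1) };
        }
    }
}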
我的Iservice如下所示:
我的Custom类用作Iservice合约中的属性
/// <summary>
/// REST contract whose single operation is guarded by <c>BasicAuthenticationInvoker</c>.
/// </summary>
public interface IService1
{
    /// <summary>
    /// Exposed as an HTTP GET on <c>GetString?userID={userID}</c> with a JSON response.
    /// </summary>
    /// <param name="userID">Value bound from the <c>userID</c> query-string parameter.</param>
    /// <remarks>
    /// NOTE(review): <paramref name="userID"/> is supplied by the caller and is separate from the
    /// authenticated identity; the implementation is not shown here, so confirm it checks that the
    /// authenticated principal is allowed to read data for this ID.
    /// </remarks>
    // BasicAuthenticationInvoker is the custom authentication attribute.
    [OperationContract, BasicAuthenticationInvoker]
    [WebGet(UriTemplate = "GetString?userID={userID}", ResponseFormat = WebMessageFormat.Json)]
    string GetString(string userID);
}
使用AJAX调用WCF REST服务时,我将Authorization头添加到Request中,并使用上面的自定义类对用户进行身份验证.
AJAX调用: 下面是用于调用服务的Ajax调用,并使用beforeSend在访问服务之前对用户进行身份验证.
我的问题是:
我希望你能全面了解我的代码是如何工作的.
所以我需要的是,如何在不使用BasicAuthentication自定义类的情况下验证对服务的每个请求?WCF中是否有用于验证传入请求的内置(built-in)功能?
提前致谢.