我正在尝试配置DotNetOpenAuth的DataApi.svc服务,以使用AJAX通过https调用我的资源。
我可以调用该服务并查看后面的代码,但不会对OperationContext.Current.ServiceSecurityContext进行身份验证
在IIS中,我有"匿名身份验证"设置为" true"。
在Fiddler中,我可以看到标题已发送: 授权:持票人gAAAAMcRmG5vw3LykShq7cNOEGUACBiNtlVGxGYdSVfkkXjR- [截断]
界面装饰如下:
[的ServiceContract] 公共接口IDataApi {
[OperationContract,WebGet(UriTemplate =" / email",ResponseFormat = WebMessageFormat.Json)] string GetEmail();
这是我的配置:
<bindings>
<wsHttpBinding>
<binding>
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
<webHttpBinding>
<binding>
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="DataApiBehavior">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceMetadata httpsGetEnabled="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="DataApiWebBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="DataApiBehavior" name="OAuthResourceServer.DataApi">
<endpoint address="" binding="wsHttpBinding" contract="OAuthResourceServer.Code.IDataApi" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
<endpoint address="web" binding="webHttpBinding" contract="OAuthResourceServer.Code.IDataApi" behaviorConfiguration="DataApiWebBehavior">
</endpoint>
</service>
</services>
任何可能出错的想法?
谢谢!
答案 0 :(得分:0)
我错过了
<serviceAuthorizationserviceAuthorizationManagerType="OAuthResourceServer.Code.OAuthAuthorizationManager, OAuthResourceServer" principalPermissionMode="Custom" />
在服务行为中!解决了:))