WCF客户端如何保留登录会话

时间:2012-03-20 14:48:19

标签: wcf web-services authentication wcf-client

我有一个WCF客户端通过带有消息级安全性和UserName客户端凭据类型的WsHttpBinding连接到IIS中托管的WCF服务。

在客户端中,我在表示服务的生成代理类的实例中指定我的用户名和密码。一个代理实例用于所有后续调用,并且当我显式调用Open()或我第一次调用服务时,服务在自定义验证器中验证这些凭据。验证仅在此初始呼叫时进行,而不在后续呼叫中进行。 e.g:

   var client = new MyServiceClient();
    client.ClientCredentials.UserName.UserName = "username";
    client.ClientCredentials.UserName.Password = "password";        client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =   
X509CertificateValidationMode.None;
    client.GetStuff1(); // authentication is made here
    client.GetStuff2(); // already authenticated, no further authentication. Why/How?
    client.GetStuff3(); // already authenticated, no further authentication. Why/How?

此会话如何维护?如何配置服务器和/或客户端,以便在每次调用时进行身份验证,而不是似乎存在的“会话”?这不是由我所关注的<reliableSession>确定的吗?

使用以下属性定义服务类:

[ServiceBehavior(IncludeExceptionDetailInFaults = true, AutomaticSessionShutdown = false, InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)]

客户端的app.config如下:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="wsHttpBindingWithAuth" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="200000000"
                    messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                    allowCookies="false">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00"
                        enabled="false" />
                    <security mode="Message">
                      <!--
                        <transport clientCredentialType="Windows" proxyCredentialType="None"
                            realm="" /> -->
                        <message clientCredentialType="UserName" negotiateServiceCredential="true"
                            algorithmSuite="Default"/>
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://testmachine/MyService.svc"
                binding="wsHttpBinding" bindingConfiguration="wsHttpBindingWithAuth"
                contract="NewServiceIIS.IMyService" name="wsHttpBindingWithAuth">
                <identity>
                  <certificate encodedValue="ZZZZ" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>

1 个答案:

答案 0 :(得分:1)

这是我沮丧的根源,现在对你来说是一种幸福(即你不需要再次提供用户/通行证)!

是的,身份验证存储在channel中。频道开通后,ClientCredentials无法更改。 Channel建立一个保留在Channel中的安全上下文。使用wsHttpBinding和邮件安全性,这是用户名/密码,每次都会发送到服务器

这是设计的。重新进行身份验证的唯一方法是关闭通道/代理并创建新代理。

如果您想知道建立安全上下文是什么,请查看What are the impacts of setting establishSecurityContext="False" if i use https?

相关问题
最新问题