我有一个WCF客户端通过带有消息级安全性和UserName客户端凭据类型的WsHttpBinding连接到IIS中托管的WCF服务。
在客户端中,我在表示服务的生成代理类的实例中指定我的用户名和密码。一个代理实例用于所有后续调用,并且当我显式调用Open()或我第一次调用服务时,服务在自定义验证器中验证这些凭据。验证仅在此初始呼叫时进行,而不在后续呼叫中进行。 e.g:
var client = new MyServiceClient();
client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password"; client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
X509CertificateValidationMode.None;
client.GetStuff1(); // authentication is made here
client.GetStuff2(); // already authenticated, no further authentication. Why/How?
client.GetStuff3(); // already authenticated, no further authentication. Why/How?
此会话如何维护?如何配置服务器和/或客户端,以便在每次调用时进行身份验证,而不是似乎存在的“会话”?这不是由我所关注的<reliableSession>
确定的吗?
使用以下属性定义服务类:
[ServiceBehavior(IncludeExceptionDetailInFaults = true, AutomaticSessionShutdown = false, InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)]
客户端的app.config如下:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBindingWithAuth" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="200000000"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<!--
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" /> -->
<message clientCredentialType="UserName" negotiateServiceCredential="true"
algorithmSuite="Default"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://testmachine/MyService.svc"
binding="wsHttpBinding" bindingConfiguration="wsHttpBindingWithAuth"
contract="NewServiceIIS.IMyService" name="wsHttpBindingWithAuth">
<identity>
<certificate encodedValue="ZZZZ" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
答案 0 :(得分:1)
这是我沮丧的根源,现在对你来说是一种幸福(即你不需要再次提供用户/通行证)!
是的,身份验证存储在channel
中。频道开通后,ClientCredentials
无法更改。 Channel建立一个保留在Channel中的安全上下文。使用wsHttpBinding
和邮件安全性,这是用户名/密码,每次都会发送到服务器。
这是设计的。重新进行身份验证的唯一方法是关闭通道/代理并创建新代理。
如果您想知道建立安全上下文是什么,请查看What are the impacts of setting establishSecurityContext="False" if i use https?