WCF Webhttpninding con autenticazione del fornitore di appartenenza

Question

Ho un servizio WebHttpninding che utilizza la modalità di autenticazione di base HTTP, tuttavia per qualche strano motivo convalida del nome utente / password fornito con gli account Windows, pensati ho specificato USERNAMEPASSwordValidationMode="membershipprovider".

Ho trovato altri post che riportano anche questo problema, ma non sono state fornite alcuna risposta a questa situazione.

  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding name="WebBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="EPWeb">
          <webHttp helpEnabled="true" />
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlProvider" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service behaviorConfiguration="ServiceBehavior" name="Foo">
        <endpoint address="Test" behaviorConfiguration="EPWeb"
            binding="webHttpBinding" bindingConfiguration="WebBinding"
            contract="Foo.IService" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:3456/" />
          </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>

.

Answer 1

This configuration will not work. But there are workarounds to this issue:

• Create Login() method and use authentication token, which you pass to every service method.
• Use custom validation mode, and validate username\password by code, using Membership.ValidateUser()

Answer 2

Token passed login or a custom http authentication module.

Here is a link to a custom authentication module. http://custombasicauth.codeplex.com/

For token based, you could use an OAuth implementation.