WCF Service with Username and password

StackOverflow https://stackoverflow.com/questions/19367659

Pergunta

A little new with WCF services when using username and passwords. I followed the tutorial found at http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti in order to protect my web service with a username and password.

My Config file is below

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

  <system.web>
    <compilation debug="false" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
  </system.web>

  <system.serviceModel>
    <services>
      <service behaviorConfiguration="NewBehavior0" name="TService">
        <endpoint address="mex" binding="mexHttpBinding" contract="ITechnology" />
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="NewBinding0">
          <security>
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="NewBehavior0">
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </clientCertificate>
            <serviceCertificate findValue="Server" storeLocation="CurrentUser"
          storeName="TrustedPeople" x509FindType="FindBySubjectName" />
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="TService, Services1"/>
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>

Now i can view the WDSL in my browser and i know the certificate works as expected locally. When i connect to the service using the WCF test tool it doesnt prompt me for a username and password.

According to the link i posted and following ive not even done the final step (adding the code to pass in the username and password) but i can still connect to the service and retrieve all the data.

What have i missed out and how could i restrict the service where only a username and password allows the user/service to retrieve the data?

Edit 1:

  <system.serviceModel>
    <services>
      <service behaviorConfiguration="NewBehavior0" name="TechService">
        <endpoint address="mex" binding="mexHttpBinding" contract="ITechService" />
       <endpoint address="TechService.svc" binding="wsHttpBinding" bindingConfiguration="" contract="ITechService" />
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="NewBinding0">
          <security>
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="NewBehavior0">
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </clientCertificate>
            <serviceCertificate findValue="Server" storeLocation="CurrentUser"
              storeName="TrustedPeople" x509FindType="FindBySubjectName" />
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="TechService, Services1"/>
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>
Foi útil?

Solução

Based on a quick review of the linked CodeProject page, your config file seems to be a bit off (as it does not indicate that any endpoints are actually using a client credential type).

The "NewBinding0" specifies clientCredentialType="Certificate" but the article indicates the value should be:

<binding name="NewBinding0">
    <security mode="Message">
        <message clientCredentialType="UserName"/>
    </security>
</binding>

Also, the Service definition only defines a “mex” (metadata) endpoint. You most likely will want to define an wsHttpBinding.. endpoint, which utilizes the corrected binding that specifies clientCredentialType="UserName".

<endpoint address="" binding="wsHttpBinding" bindingConfiguration="NewBinding0"/>

Hope this helps.
Regards,

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top