Проблема безопасности WCF с именем пользователя clientCredentialType - PullRequest
3 голосов
/ 03 июня 2009

Прежде всего, я прошу прощения за мой английский ...

Тогда: у меня проблема!

Я написал код для простой службы WCF, и с конфигурацией # 1 все работает нормально.

Conf # 1 - сервер

<configuration>
  <system.serviceModel>
    <services>
      <service name="WCFservice.Service" 
               behaviorConfiguration="WCFservice.ServiceBehavior">
        <host>
          <baseAddresses>
            <add baseAddress = "http://localhost:8731/WCFservice/" />
          </baseAddresses>
        </host>
        <endpoint address="" binding="wsHttpBinding" contract="WCFservice.IService"/>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="WSCertificateSecurity">
          <reliableSession enabled="true"/>
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WCFservice.ServiceBehavior">
          <serviceCredentials>
            <serviceCertificate findValue="cn=abc" 
                    storeLocation="LocalMachine" storeName="TrustedPeople" 
                    x509FindType="FindBySubjectDistinguishedName"/>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust"/>
            </clientCertificate>
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="True" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

Conf # 1 - клиент

<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IService">
          <reliableSession enabled="false" />
          <security mode="Message">
            <transport clientCredentialType="Windows" 
                       proxyCredentialType="None" realm="" />
            <message clientCredentialType="Windows" 
                  negotiateServiceCredential="true"
                  establishSecurityContext="true" 
                  algorithmSuite="Default" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:8731/WCFservice/" 
                binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_IService" 
                contract="WCF.IService"
                name="WSHttpBinding_IService">
        <identity>
          <userPrincipalName value="myname" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>

Проблема возникает, когда я пытаюсь установить аутентификацию userName с созданным мною личным классом проверки. Выкладываю конфигурацию № 2.

Conf # 2 - сервер

<configuration>
  <system.serviceModel>
    <services>
      <service name="WCFservice.Service" 
               behaviorConfiguration="WCFservice.ServiceBehavior">
        <host>
          <baseAddresses>
            <add baseAddress = "http://localhost:8731/WCFservice/" />
          </baseAddresses>
        </host>
        <endpoint address="" binding="wsHttpBinding" contract="WCFservice.IService"/>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="WSCertificateSecurity">
          <reliableSession enabled="true"/>
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WCFservice.ServiceBehavior">
          <serviceCredentials>
            <userNameAuthentication 
                 userNamePasswordValidationMode="Custom"  
                 customUserNamePasswordValidatorType="WCFservice.Login, WCFservice"/>
            <serviceCertificate findValue="cn=abc" 
                 storeLocation="LocalMachine" storeName="TrustedPeople" 
                 x509FindType="FindBySubjectDistinguishedName"/>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust"/>
            </clientCertificate>
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="True" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

Conf # 2 - клиент

<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IService">
          <reliableSession enabled="false" />
          <security mode="Message">
            <transport clientCredentialType="Windows" 
                  proxyCredentialType="None" realm="" />
            <message 
                  clientCredentialType="UserName" 
                  negotiateServiceCredential="true"
                  establishSecurityContext="true" 
                  algorithmSuite="Default" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:8731/WCFservice/" binding="wsHttpBinding"
        bindingConfiguration="WSHttpBinding_IService" contract="WCF.IService"
        name="WSHttpBinding_IService">
        <identity>
          <userPrincipalName value="myname" />
        </identity>
      </endpoint>
    </client>

Когда я запускаю приложение и получаю

System.ServiceModel.Security.SecurityNegotiationException

private void button1_Click(object sender, EventArgs e) 
{
    WCF.XnottaLightServiceClient client = new WCF.XnottaLightServiceClient();
    client.ClientCredentials.UserName.UserName = "user";
    client.ClientCredentials.UserName.Password = "pass";

    string[] s = textBox6.Text.Split('§');
    int[] i = new int[s.Length];
    for(int j = 0; j < i.Length; j++) 
    {
        i[j] = Convert.ToInt32(s[j]);
    }

    string string1 = client.getString("xnl");
}

Есть идеи?

Спасибо, Альберто

1 Ответ

2 голосов
/ 03 июня 2009

Хорошо, одна вещь, которая сразу бросается в глаза, это несоответствие:

Сервер:

<wsHttpBinding>
        <binding name="WSCertificateSecurity">
          <reliableSession enabled="true"/>

Надежные сеансы включены = true.

Клиент:

<wsHttpBinding>
        <binding name="WSHttpBinding_IService">
          <reliableSession enabled="false" />

Надежные сеансы включены = false.

Это определенно несоответствие, но, на удивление, это относится и к сценариям № 1 и № 2 .....

Марк

Добро пожаловать на сайт PullRequest, где вы можете задавать вопросы и получать ответы от других членов сообщества.
...