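Based on the MSDN documentation, I created a custom UserNameSecurityTokenHandler and put in a CanValidateToken override and a ValidateToken override. I thought I had configured the WCF web service to use the custom handler, but ValidateToken is never called. Here is the custom token handler: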
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Xml;

public class CustomUserNameSecurityTokenHandler : UserNameSecurityTokenHandler
{
    // Tell the handler collection that this handler validates tokens.
    public override bool CanValidateToken
    {
        get { return true; }
    }

    public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
    {
        // Debugging aid: prompts to attach a debugger when validation is reached.
        System.Diagnostics.Debugger.Launch();

        if (token == null)
        {
            throw new ArgumentNullException("token");
        }

        var userNameToken = token as UserNameSecurityToken;
        if (userNameToken == null)
        {
            throw new SecurityTokenException("Invalid token");
        }

        // Placeholder check: accepts a token only when the user name equals the password.
        if (userNameToken.UserName != userNameToken.Password)
        {
            throw new SecurityTokenException("Invalid username or password.");
        }

        // Claims issued for the authenticated caller: name and authentication instant.
        var claims = new List<Claim>
        {
            new Claim(System.IdentityModel.Claims.ClaimTypes.Name, userNameToken.UserName),
            new Claim(
                "http://schemas.microsoft.com/ws/2008/06/identity/claims/ClaimTypes.AuthenticationInstant",
                XmlConvert.ToString(DateTime.UtcNow, "yyyy-MM-ddTHH:mm:ss.fffZ"),
                "http://www.w3.org/2001/XMLSchema#dateTime")
        };

        return new ReadOnlyCollection<ClaimsIdentity>(
            new List<ClaimsIdentity> { new ClaimsIdentity(claims, "Password") });
    }
}
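The debugger does not launch. When I call the client code, it always fails. This is my WCF web site. Here are the site's configuration entries: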
<configSections>
  <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<appSettings>
  <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
  <compilation debug="true" targetFramework="4.5" />
  <httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
  <services>
    <service name="WcfUserName.Service1">
      <endpoint address="Service1.svc" binding="netHttpBinding"
                contract="WcfUserName.IService1" />
      <host>
        <baseAddresses>
          <add baseAddress="https://localhost/WcfUserName" />
        </baseAddresses>
      </host>
    </service>
  </services>
  <bindings>
    <netHttpBinding>
      <binding>
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </netHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior>
        <serviceCredentials useIdentityConfiguration="true" />
        <serviceAuthorization principalPermissionMode="Always"/>
        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
        <serviceDebug includeExceptionDetailInFaults="true"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <protocolMapping>
    <add binding="netHttpBinding" scheme="https" />
  </protocolMapping>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
  <modules runAllManagedModulesForAllRequests="true"/>
  <directoryBrowse enabled="true"/>
</system.webServer>
<system.identityModel>
  <identityConfiguration name="identconfig">
    <securityTokenHandlers>
      <remove type="System.IdentityModel.Tokens.WindowsUserNameSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <add type="WcfUserName.Security.CustomUserNameSecurityTokenHandler, WcfUserName"/>
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>
I assume something is wrong with my configuration, but I don't know what. Any ideas?
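Of course, you need to configure it correctly in web.config. That means you need to add the securitytokenhandler, but also remove the default username/password handler. So you need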
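
Added example (not part of the question or the answer above): a diagnostic that uses the System.IdentityModel IdentityConfiguration and SecurityTokenHandlerCollection types to report which handler would receive UserName tokens under a given identityConfiguration section of the web.config shown in the question. The class and method names are hypothetical, and it assumes the code runs inside the hosted service so that the site's web.config is the one being read.

```csharp
using System;
using System.IdentityModel.Configuration;
using System.IdentityModel.Tokens;
using System.Text;

// Added diagnostic helper (hypothetical name); not code from the question or the answer.
public static class TokenHandlerDiagnostics
{
    // Describes the handlers loaded from an <identityConfiguration> section.
    // Pass null to load the unnamed (default) section, or a name such as "identconfig".
    public static string DescribeUserNameHandler(string configurationName)
    {
        IdentityConfiguration config = configurationName == null
            ? new IdentityConfiguration()
            : new IdentityConfiguration(configurationName);

        var report = new StringBuilder();
        report.AppendLine("identityConfiguration: " + (configurationName ?? "(default)"));

        // List every handler the section produced, in collection order.
        foreach (SecurityTokenHandler handler in config.SecurityTokenHandlers)
        {
            report.AppendLine("  registered: " + handler.GetType().FullName);
        }

        // The collection is keyed by token type; this is the handler that
        // would be asked to validate a UserNameSecurityToken.
        SecurityTokenHandler userNameHandler =
            config.SecurityTokenHandlers[typeof(UserNameSecurityToken)];

        report.AppendLine("  UserName tokens go to: " +
            (userNameHandler == null ? "(no handler)" : userNameHandler.GetType().FullName));

        return report.ToString();
    }
}
```

Write the output of DescribeUserNameHandler(null) and DescribeUserNameHandler("identconfig") to the trace log at service start and compare them: the custom handler is in effect for a section only if it is the one reported for UserName tokens there.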