2 web应用之间的C#问题验证web服务问题、web
我工作的它运行中心在公司的web应用。这个web应用需要做出调用它是第二web应用的一部分的服务。
I'm working on a webapplication which runs central at a company. This webapplication needs to make a call to a service which is part of a second webapplication.
在中央web应用我有这块code;
In the central webapplication i have this piece of code;
var clientUri = "http://website.localhost/Services/Info.svc/account";
var uri = new Uri(clientUri);
var networkCredentials = new NetworkCredential(_configuration.ServiceUserName, _configuration.ServicePassword);
var httpClient = new HttpClient();
httpClient.DefaultHeaders.Authorization = Credential.CreateBasic(_configuration.ServiceUserName, _configuration.ServicePassword);
httpClient.TransportSettings.PreAuthenticate = true;
HttpResponseMessage respone = httpClient.Get(uri);
HttpContent content = respone.Content;
在Web服务中的其他应用程序,这是(Info.svc),我有以下code在服务的构造函数。
In the webservice in the other application, which is (Info.svc), i have the following code in the Constructor of the service.
var validator = new UserNamePasswordValidator();
var cred = System.Net.CredentialCache.DefaultCredentials; //this one is empty, maybe a solution?
validator.Validate("Username", "Password");
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
//This throws a 401 unauthorize, which is shown as a 500 error in the central application
throw new WebProtocolException(HttpStatusCode.Unauthorized, "You must be authorized to perform this action.", null);
}
else
{
_userIsAbleToUseService = true;
}
而不是用户名和密码的验证功能,我想用从其他Web服务通过网络发送的全权证书,才能实现这一目标?如何?任何其他建议,欢迎!我可以哈日$ C C目前在验证功能的密码$,但这不是我想要的。
Instead of Username and Password in the validate function i want to use the Network Credentials sent over from the other webservice, can this be achieved? And how? Any other suggestions are welcome! I can harcode the password now in the validate function, but this isn't what i want.
- UPDATE-- 这是中央的应用程序
--UPDATE-- This is the configuration in the web.config for the central application
<authorization>
<allow roles="administrators"/>
<deny roles="datareaders"/>
<deny users="?"/>
</authorization>
<authentication mode="Forms">
<forms loginUrl="~/Logon/Logon" timeout="2880"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="CentralApplication"/>
</providers>
</membership>
这部分是在第二web应用的web.config文件
This part is for the web.config in the second webapplication
<authentication mode="Forms">
<forms name="AllPages" loginUrl="~/Logon/" timeout="360" enableCrossAppRedirects="false" />
</authentication>
<authorization>
<!-- NOTE: See Web.config under Private folder for specifics on secure pages. -->
<deny users="?" />
</authorization>
<membership defaultProvider="NHMembershipProvider">
<providers>
<clear />
<add name="NHMembershipProvider" applicationName="Website" type="Website.Security.Authentication.Membership.CmsMembershipProvider" description="Stores and retrieves membership data from SQL server using Nhibernate" connectionStringName="NHibernate" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="NHRoleProvider">
<providers>
<clear />
<add name="NHRoleProvider" applicationName="Website" type="Website.Security.Authentication.Membership.CmsRoleProvider" />
</providers>
</roleManager>
已经被记录使用成员资格提供我想要从那里用一个简单的超级链接调用Web服务中心的应用程序(只是现在)。所谓中央管理的Web服务收集的一些数据及以上的URL第二个应用程序的Web服务发送此。这两个应用都是web应用(包括web服务),所以这就是为什么在身份验证模式设置为Forms。
Already being logged to the central application using the membership provider i'm trying to call the webservice from there using a simple hyperlink (just for now). The webservice called in the central admin gathers some data and sends this over to the url for the webservice of the second application. Both application are webapplications (containing webservices) so that is why the authentication mode is set to Forms.
推荐答案
我花了近2天,但现在我得到了一切工作,因为我想要的。我发现 WcfRestContrib 这让我修改我的webconfig了一下,使用一些实施上的服务认证属性从这个类。我建立一个快速testapplication与服务和控制台应用程序和工作的认证。
Took me nearly 2 days, but now i got everything working as i want. I found the WcfRestContrib Which allowed me to implement authentication on the services by modifying my webconfig a bit and using a few attributes from this class. I build a quick testapplication with an service and a console application and the authentication worked.
我添加下面我web.config中的部分;
I added the section below to my web.config;
<system.serviceModel>
<extensions>
<behaviorExtensions>
<add name="webAuthentication" type="WcfRestContrib.ServiceModel.Configuration.WebAuthentication.ConfigurationBehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
<add name="errorHandler" type="WcfRestContrib.ServiceModel.Configuration.ErrorHandler.BehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
<add name="webErrorHandler" type="WcfRestContrib.ServiceModel.Configuration.WebErrorHandler.ConfigurationBehaviorElement, WcfRestContrib, Version=1.0.6.107, Culture=neutral, PublicKeyToken=89183999a8dc93b5"/>
</behaviorExtensions>
</extensions>
<behaviors>
<serviceBehaviors>
<behavior name="Rest">
<webAuthentication requireSecureTransport="false" authenticationHandlerType="WcfRestContrib.ServiceModel.Dispatcher.WebBasicAuthenticationHandler, WcfRestContrib" usernamePasswordValidatorType="CMS.Backend.Services.SecurityValidator, CMS.Backend" source="CMS.Backend"/>
<!--<webAuthentication requireSecureTransport="false" authenticationHandlerType="CMS.Backend.Services.WebBasicAuthenticationHandler, CMS.Backend" usernamePasswordValidatorType="CMS.Backend.Services.SecurityValidator, Website.Backend" source="CMS.Backend"/>-->
<errorHandler errorHandlerType="WcfRestContrib.ServiceModel.Web.WebErrorHandler, WcfRestContrib"/>
<webErrorHandler returnRawException="true" logHandlerType="Website.Backend.Services.LogHandler, Website.Backend" unhandledErrorMessage="An error has occured processing your request. Please contact technical support for further assistance."/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>
之后我修改了服务接口看起来是这样;
After that i modified my service interface to look like this;
[ServiceContract]
public interface ICmsInfo
{
[OperationContract]
[OperationAuthentication]
[WebInvoke(UriTemplate = "account", Method = "GET")]
AccountDTO GetAccountInfo();
最后一步我把被加2 attritubes服务本身;
The final step i took was adding 2 attritubes to the service itself;
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
[ServiceConfiguration("Rest", true)]
public class Cmsinfo : ICmsInfo
{
//foo
}
在WcfRestContrib对我帮助很大,加入该认证技术,它的伟大工程。我必须确保我所使用的授权头以及。
The WcfRestContrib helped me a lot by adding this authentication technique and it works great. I just had to make sure i used the authorization headers aswell.
在此我遇到了一个问题,同时验证在我的web应用是使用窗体身份验证的Web服务。在另一个指定此问题topic.
After this i ran into a problem while authenticating the webservice in my webapplication which is using Forms Authentication. This problem is specified in another topic.
上一篇:安卓:使用notifyDataSetChanged和getLastVisiblePosition - 当ListView的实际更新?实际、notifyDataSetChanged、getLastVi
