WCF基于用户名和密码安全成功测试

目标： 
１.客户端与服务器端通信使用x509证书验证，但不用客户端安装证书。只需要服务器端配置好证书即可。 
２.验证使用用户名密码形式。

操作： 
（这里的测试使用wcf项目模板缺省的服务，即只要新建一个使用vs2008自动生成的wcf项目就行了，

它会自动生成有一个GetData方法，我就用这个方法进行测试） 
1.新建WCF服务应用程序.

1.1生成一个服务器证书：运行Visual Studio 2008 命令提示工具：

输入：makecert -r -pe -n "CN=MyServer" -sr LocalMachine -ss My -sky exchange执行。

-sr LocalMachine 请一定保存到LodcalMachine中.目的就是到时如果你部署这个wcf服务的时候可以让IIS找到证书，

反之，IIS会报找不到x509证书.

2.配置web.config文件： 
这里要注意的是把storeLocation设为LocalMachine,原因也是到时需要部署的时候可以免掉很多麻烦，因为以后发布到iis时很可以不能正常验证到证书的私钥.

 1:  <system.serviceModel>

 2:      <bindings>

 3:        <wsHttpBinding>

 4:          <binding name="NewBinding0">

 5:            <security>

 6:              <message clientCredentialType="UserName" />

 7:            </security>

 8:          </binding>

 9:        </wsHttpBinding>

10:      </bindings>

11:      <services>

12:        <service behaviorConfiguration="WcfService2.Service1Behavior"

13:          name="WcfService2.Service1">

14:          <endpoint address="" binding="wsHttpBinding" bindingConfiguration="NewBinding0"

15:            contract="WcfService2.IService1">

16:          </endpoint>

17:          <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />

18:        </service>

19:      </services>

20:      <behaviors>

21:        <serviceBehaviors>

22:          <behavior name="WcfService2.Service1Behavior">

23:            <serviceMetadata httpGetEnabled="true" />

24:            <serviceDebug includeExceptionDetailInFaults="false" />

25:            <serviceCredentials>

26:              <clientCertificate>

27:                <authentication certificateValidationMode="None" />

28:              </clientCertificate>

29:              <serviceCertificate findValue="MyServer" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />

30:              <userNameAuthentication userNamePasswordValidationMode="Custom"

31:                customUserNamePasswordValidatorType="WcfService2.MyUserNamePasswordValidator,WcfService2" />

32:            </serviceCredentials>

33:          </behavior>

34:        </serviceBehaviors>

35:      </behaviors>

36:    </system.serviceModel>

3.建造验证客户端用户名和密码的方法.

这里注意的是必须与web.config文件中的customUserNamePasswordValidatorType=中的内容一致，

格式是："命名空间.方法名,命名空间"

实际项目应用中这里应该是从数据库里确认用客是否合法。

 1:  namespace WcfService2 

 2:  { 

 3:      public class MyUserNamePasswordValidator : UserNamePasswordValidator 

 4:      { 

 5:          public override void Validate(string userName, string password) 

 6:          { 

 7:              if (userName != "jac" || password != "jac") 

 8:              { 

 9:                  throw new SecurityTokenException("Unknown Username or Password"); 

10:              } 

11:          } 

12:      } 

13:  }

至此，wcf服务配置完成。

4.新建一个asp.net项目，并添加服务引用这个wcf服务.

5.修改asp.net项目的web.config文件(一定要在引用wcf服务后）.

添加一个endpointBehaviors:

 1:  <behaviors>

 2:    <endpointBehaviors>

 3:      <behavior name="jacBehavior">

 4:        <clientCredentials>

 5:          <serviceCertificate>

 6:            <authentication certificateValidationMode="None" />

 7:          </serviceCertificate>

 8:        </clientCredentials>

 9:      </behavior>

10:    </endpointBehaviors>

11:  </behaviors>

然后让它生效,

1:  <endpoint address="http://localhost/Service1.svc" behaviorConfiguration="jacBehavior"

2:   binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"

3:   contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">

以下是完整的asp.net客户端的web.config文件的system.serviceModel部份

 1:  <system.serviceModel>

 2:    <behaviors>

 3:      <endpointBehaviors>

 4:        <behavior name="jacBehavior">

 5:          <clientCredentials>

 6:            <serviceCertificate>

 7:              <authentication certificateValidationMode="None" />

 8:            </serviceCertificate>

 9:          </clientCredentials>

10:        </behavior>

11:      </endpointBehaviors>

12:    </behaviors>

13:    <bindings>

14:      <wsHttpBinding>

15:        <binding name="WSHttpBinding_IService1" closeTimeout="00:01:00"

16:         openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"

17:         bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"

18:         maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"

19:         textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">

20:          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"

21:           maxBytesPerRead="4096" maxNameTableCharCount="16384" />

22:          <reliableSession ordered="true" inactivityTimeout="00:10:00"

23:           enabled="false" />

24:          <security mode="Message">

25:            <transport clientCredentialType="Windows" proxyCredentialType="None"

26:             realm="" />

27:            <message clientCredentialType="UserName" negotiateServiceCredential="true"

28:             algorithmSuite="Default" establishSecurityContext="true" />

29:          </security>

30:        </binding>

31:      </wsHttpBinding>

32:    </bindings>

33:    <client>

34:      <endpoint address="http://j-8de9be98d1184/Service1.svc" behaviorConfiguration="jacBehavior"

35:       binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"

36:       contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">

37:        <identity>

38:          <certificate encodedValue="AwAAAAEA.....................eGtnWJsvtFQsEuzDYw==" />

39:        </identity>

40:      </endpoint>

41:    </client>

42:  </system.serviceModel>

6.调用.

1:  ServiceReference1.Service1Client sc = new WebApplication1.ServiceReference1.Service1Client(); 

2:  sc.ClientCredentials.UserName.UserName = "jac"; 

3:  sc.ClientCredentials.UserName.Password = "jac"; 

4:  Label1.Text = sc.GetData(22);

完成.

工程文件下载:http://FunSL.com

为了便使这种方式自由度更高，以下是服务器端的纯代码版本:

 1:  using System; 

 2:  using System.Collections.Generic; 

 3:  using System.Linq; 

 4:  using System.Text; 

 5:  using System.ServiceModel; 

 6:  using System.IdentityModel.Selectors; 

 7:  using System.ServiceModel.Description; 

 8:   

 9:  namespace wcf.username 

10:  { 

11:      class Program 

12:      { 

13:          static void Main(string[] args) 

14:          { 

15:              EndpointAddress endp = new EndpointAddress("http://localhost/myservice"); 

16:   

17:              WSHttpBinding ws = new WSHttpBinding(); 

18:              ws.Security.Mode = SecurityMode.Message; 

19:              ws.Security.Message.ClientCredentialType = MessageCredentialType.UserName; 

20:   

21:              ServiceMetadataBehavior behavior = new ServiceMetadataBehavior(); 

22:              behavior.HttpGetEnabled = true; 

23:              behavior.HttpGetUrl = new Uri("http://localhost/myservice/mex"); 

24:   

25:              ServiceHost sh = new ServiceHost(typeof(serverdo), new Uri(endp.ToString())); 

26:   

27:              sh.Description.Behaviors.Add(behavior); 

28:   

29:              sh.Credentials.ClientCertificate.Authentication.CertificateValidationMode =  

30:                  System.ServiceModel.Security.X509CertificateValidationMode.None; 

31:   

32:   

33:              sh.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = 

34:                   System.ServiceModel.Security.UserNamePasswordValidationMode.Custom; 

35:   

36:              sh.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new checkUserName(); 

37:   

38:              sh.Credentials.ServiceCertificate.SetCertificate( 

39:                  System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,  

40:                  System.Security.Cryptography.X509Certificates.StoreName.My, 

41:                  System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName, "MyServer"); 

42:   

43:              sh.AddServiceEndpoint(typeof(Iservice), ws, endp.ToString()); 

44:              sh.Open(); 

45:   

46:              Console.WriteLine("ok"); 

47:              Console.Read(); 

48:          } 

49:      } 

50:   

51:      class checkUserName:UserNamePasswordValidator 

52:      { 

53:          public override void Validate(string userName, string password) 

54:          { 

55:              if (userName != "jac" && password != "jac") 

56:              { 

57:                  throw new FaultException("userName and passWord be error"); 

58:              } 

59:          } 

60:      } 

61:   

62:      [ServiceContract] 

63:      interface Iservice 

64:      { 

65:          [OperationContract] 

66:          string test(string msg); 

67:      } 

68:   

69:      class serverdo:Iservice 

70:      { 

71:          #region Iservice 成员 

72:   

73:          public string test(string msg) 

74:          { 

75:              Console.WriteLine("user inter:" + msg); 

76:   

77:              return "user inter:" + msg; 

78:          } 

79:   

80:          #endregion 

81:      } 

82:   

83:  }

转载于:https://www.cnblogs.com/chenjiang1014/archive/2009/12/27/1633487.html