在WCF实现安全控制的方法很多,如使用证书、windows身份认证等等。本文要介绍的是使用简单的用户名密码方式来验证,客户端在与服务端交互时附带传递用户名和密码。使用该方法的好处就是配置简单,不受环境的制约。
通过WCF中的扩展行为来将用户名和密码附加到消息头MessageHeader中,自然这样就可以在服务端通过读取IncomingMessageHeaders得到用户名和密码。
自定义行为,自定义行为要实现:IEndpointBehavior 和BehaviorExtensionElement
IEndpointBehavior members:
System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
{
return ;
}
public void ApplyClientBehavior(ServiceEndpoint endpoint,
System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
{
clientRuntime.MessageInspectors.Add( new IdentityHeaderInspector());
}
public void ApplyDispatchBehavior(ServiceEndpoint endpoint,
System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
{
}
public void Validate(ServiceEndpoint endpoint)
{
return ;
}
BehaviorExtensionElement members
{
get
{
return typeof (AttachContextBehavior);
}
}
protected override object CreateBehavior()
{
return new AttachContextBehavior();
}
自定义消息检查器IClientMessageInspector,在消息检查器中添加MessageHeader附加用户名和密码:
{
#region IClientMessageInspector Members
public void AfterReceiveReply( ref System.ServiceModel.Channels.Message reply, object correlationState)
{
}
public object BeforeSendRequest( ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
{
MessageHeader < string > header = new MessageHeader < string > (AppContext.UserName);
request.Headers.Add(header.GetUntypedHeader( " UserName " , " http://ruinet.cnblogs.com/username " ));
header = new MessageHeader < string > (AppContext.Password);
request.Headers.Add(header.GetUntypedHeader( " Password " , " http://ruinet.cnblogs.com/password " ));
return null ;
}
#endregion
}
然后在实现的IEndpointBehavior接口的ApplyClientBehavior行为中添加IdentityHeaderInspector
System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
{
clientRuntime.MessageInspectors.Add( new IdentityHeaderInspector());
}
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.ServiceModel.Dispatcher;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Configuration;
using WCFSecurity.Security;
namespace WCFSecurity.Security
{
public class AttachContextBehavior : BehaviorExtensionElement, IEndpointBehavior
{
public override Type BehaviorType
{
get
{
return typeof (AttachContextBehavior);
}
}
protected override object CreateBehavior()
{
return new AttachContextBehavior();
}
#region IEndpointBehavior Members
public void AddBindingParameters(ServiceEndpoint endpoint,
System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
{
return ;
}
public void ApplyClientBehavior(ServiceEndpoint endpoint,
System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
{
clientRuntime.MessageInspectors.Add( new IdentityHeaderInspector());
}
public void ApplyDispatchBehavior(ServiceEndpoint endpoint,
System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
{
}
public void Validate(ServiceEndpoint endpoint)
{
return ;
}
#endregion
private class IdentityHeaderInspector : IClientMessageInspector
{
#region IClientMessageInspector Members
public void AfterReceiveReply( ref System.ServiceModel.Channels.Message reply, object correlationState)
{
}
public object BeforeSendRequest( ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
{
MessageHeader < string > header = new MessageHeader < string > (AppContext.UserName);
request.Headers.Add(header.GetUntypedHeader( " UserName " , " http://ruinet.cnblogs.com/username " ));
header = new MessageHeader < string > (AppContext.Password);
request.Headers.Add(header.GetUntypedHeader( " Password " , " http://ruinet.cnblogs.com/password " ));
return null ;
}
#endregion
}
}
}
在客户端的配置文件中加入扩展行为AttachContextBehavior
< endpointBehaviors >
< behavior name ="headersMapping" >
< attachContextHeader />
</ behavior >
</ endpointBehaviors >
</ behaviors >
< extensions >
< behaviorExtensions >
< add name ="attachContextHeader" type ="WCFSecurity.Security.AttachContextBehavior, WCFSecurity.Security, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</ behaviorExtensions >
</ extensions >
behaviorExtensions节点中加入自定义对象,然后再behavior节点指定:<attachContextHeader/>,最后在endpoint的behaviorConfiguration指定行为即可:
contract = " WCFSecurity.Contracts.ICalculateService "
address = " http://localhost:8001/CalculateService "
binding = " wsHttpBinding "
bindingConfiguration = " wsHttpBindingConfig "
behaviorConfiguration = " headersMapping " />
实例客户端运行时传递用名ruinet和密码88888:
{
AppContext.UserName = " ruinet " ;
AppContext.Password = " 888888 " ;
Console.WriteLine( " connecting host.. " );
CalculateServiceProxy proxy = new CalculateServiceProxy();
Console.WriteLine ( proxy.Add( 12 , 22 ));
proxy.Close();
Console.WriteLine( " close connect " );
Console.ReadLine();
}
在服务器端接收用户名和密码:
{
public class CalculateService : WCFSecurity.Contracts.ICalculateService
{
public double Add( double num1, double num2)
{
Console.WriteLine( " Client Requirement is coming " );
int index = OperationContext.Current.IncomingMessageHeaders.FindHeader( " UserName " ,
" http://ruinet.cnblogs.com/username " );
if (index != - 1 )
{
string userName = OperationContext.Current.IncomingMessageHeaders.GetHeader < string > ( " UserName " ,
" http://ruinet.cnblogs.com/username " );
string password = OperationContext.Current.IncomingMessageHeaders.GetHeader < string > ( " Password " ,
" http://ruinet.cnblogs.com/password " );
Console.WriteLine( " UserName: " + userName);
Console.WriteLine( " Password: " + password);
}
return num1 + num2;
}
}
}
运行结果: