如果我使用WCF w/forms auth,php或java客户端将如何进行身份验证？

Question

我有一个通用的概念证明WCF服务,它使用表单身份验证来保护访问.当我的客户端是.NET时,一切都很棒(下面的vb代码)

Dim client As SupplierServiceClient = New SupplierServiceClient()
client.ClientCredentials.UserName.UserName = "xxxx@xxx.xx.xx"
client.ClientCredentials.UserName.Password = "password"

Dim SupplierList As List(Of Supplier) = client.GetSuppliers()

但是我希望这可以与任何可以执行SOAP 1.1/1.2的人互操作 - 如何连接PHP或Java客户端？

我的WCF web.config列在下面(fyi)

<system.serviceModel>
    <services>
        <service name="SampleApplicationWCF.Library.SupplierService" behaviorConfiguration="NorthwindBehavior">
            <endpoint address="" name="wsHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="wsHttpBinding" bindingConfiguration="wsHttp"/>
            <endpoint address="https://server/SampleApplicationWCF/SupplierService.svc/Basic" name="basicHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="basicHttpBinding" bindingConfiguration="basicHttp"/>
            <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"/>
        </service>
    </services>
    <bindings>
        <wsHttpBinding>
            <binding name="wsHttp">
                <security mode="TransportWithMessageCredential">
                    <transport/>
                    <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="true"/>
                </security>
            </binding>
        </wsHttpBinding>
        <basicHttpBinding>
            <binding name="basicHttp">
                <security mode="TransportWithMessageCredential">
                    <transport/>
                    <message clientCredentialType="UserName"/>
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior name="NorthwindBehavior">
                <serviceMetadata httpGetEnabled="true"/>
                <serviceAuthorization principalPermissionMode="UseAspNetRoles"/>
                <serviceCredentials>
                    <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/>
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

Answer 1

我设法验证PHP客户端,但不是没有一些努力.起初,我尝试了以下方法:

$header = new stdClass;
$credentials = new stdClass;
$credentials->Username="myuser";
$credentials->Password="mypass";
$header->UsernameToken = $credentials;

$securityNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
$client->__setSoapHeaders($securityNamespace, 'Security', $header);

它没用.似乎PHP5(在我的情况下为v5.3.5)有一个错误,阻止名称空间前缀出现在嵌套标头标记内. http://bugs.php.net/bug.php?id=48966
我最终得到了:

<UsernameToken><Username>myuser</Username><Password>myuser</Password></UsernameToken>

代替:

<o:UsernameToken><o:Username>myuser</o:Username><o:Password>myuser</o:Password></o:UsernameToken>

所以,我要做的是在变量中硬编码必要的XML.这很难看但有效:

$securityNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
$headerContent = "<o:Security xmlns:o=\"$securityNamespace\">
                    <o:UsernameToken>
                    <o:Username>myuser</o:Username>
                    <o:Password>mypass</o:Password>
                    </o:UsernameToken>
                </o:Security>";
$headerVar = new SoapVar($headerContent, XSD_ANYXML, null, null, null);
$header = new SoapHeader($securityNamespace, 'o:Security', $headerVar);
$client->__setSoapHeaders(array($header));

我希望它会对某人有所帮助.再见!