我一直在努力争取在WCF服务上使用自定义基本身份验证,现在已经有一段时间了。
我尝试使用自定义的userNameAuthentication和自定义的serviceAuthorizationManager。
我遇到的是,我陷入了一个“循环”中,要求提供凭据,而且似乎从未获得我的自定义身份验证。根据我的研究,这似乎是因为IIS劫持了身份验证并检查本地用户。
从Web配置中,我已通过基本身份验证打开了传输安全性:
<webHttpBinding>
<binding name="SecureBinding">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</webHttpBinding>
相关服务行为:(我尝试将其中一项内容注释掉)
<serviceBehaviors>
<behavior name="AuthenticatedWCF.CustomServiceBehavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceAuthorization serviceAuthorizationManagerType="AuthenticatedWCF.Classes.Helpers.AuthenticationManager, AuthenticatedWCF" />
<!--<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="AuthenticatedWCF.Classes.Helpers.AuthenticationManager, AuthenticatedWCF" />
</serviceCredentials>-->
</behavior>
</serviceBehaviors>
授权类(永远不会被调用): …