我对WCF开发相当新,并且在学习框架时遇到了一些问题 . 我有一个必须支持REST和SOAP的服务api . 到目前为止,这很容易实现,特别是使用WCF4和路由 .
我目前正在进行授权,并设法通过创建两个新的管理器类来扩展AuthorizationManager:“ApiKeyAuthorizationManager”和“ApiKeyAndTokenAuthorizationManager”
我的大多数服务都需要ApiKey和Token(GUIDS)才能出现;在最初进行身份验证时,您只需要一个有效的ApiKey和密码来接收令牌 .
到目前为止,REST正在完美地工作,因为授权管理器会查询查询字符串以获取ApiKey和/或令牌 .
所以例如服务uri看起来像:* http://api.domain.com/Service/Operation/ ?ApiKey = GUID&Token = GUID
我现在的问题是授权SOAP服务调用 . 我做了一些研究,并在实施之前得出了一些我想验证的结论 .
为了使用自定义凭据授权SOAP,我应该:
-
创建自定义服务令牌(MSDN)
-
通过创建自定义SecurityTokenProvider,SecurityTokenAuthenticator和SecurityTokenSerializer扩展WCF(MSDN)
-
通过创建自定义AuthorizationPolicies(MSDN)扩展WCF
我是在正确的轨道吗?所有这些步骤是否都适合我的方案?似乎只是为了验证由两个GUID组成的凭证而进行的定制 .
谢谢!
[EDIT #1]
这是一项非常艰巨的任务 . 自定义凭据和安全令牌几乎没有记录 . 找到高质量的博客文章本身已经证明几乎不可能 . 我've kept plugging away and am so close to have a working solution. I'甚至按照this post中的描述击中了相同的路障 .
当我尝试访问我的服务以发现wsdl或mex时,我收到此错误:
``
`The service encountered an error.
An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.InvalidOperationException: An exception was thrown in a call to a policy export extension.
Extension: System.ServiceModel.Channels.SymmetricSecurityBindingElement
Error: Specified argument was out of the range of valid values.
Parameter name: parameters ----> System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
Parameter name: parameters
at System.ServiceModel.Security.WSSecurityPolicy.CreateTokenAssertion(MetadataExporter exporter, SecurityTokenParameters parameters, Boolean isOptional)
at System.ServiceModel.Security.WSSecurityPolicy.CreateWsspSignedSupportingTokensAssertion(MetadataExporter exporter, Collection1 signed, Collection1 signedEncrypted, Collection1 optionalSigned, Collection1 optionalSignedEncrypted)
at System.ServiceModel.Security.WSSecurityPolicy.CreateWsspSupportingTokensAssertion(MetadataExporter exporter, Collection1 signed, Collection1 signedEncrypted, Collection1 endorsing, Collection1 signedEndorsing, Collection1 optionalSigned, Collection1 optionalSignedEncrypted, Collection1 optionalEndorsing, Collection1 optionalSignedEndorsing, AddressingVersion addressingVersion)
at System.ServiceModel.Security.WSSecurityPolicy.CreateWsspSupportingTokensAssertion(MetadataExporter exporter, Collection1 signed, Collection1 signedEncrypted, Collection1 endorsing, Collection1 signedEndorsing, Collection1 optionalSigned, Collection1 optionalSignedEncrypted, Collection1 optionalEndorsing, Collection1 optionalSignedEndorsing)
at System.ServiceModel.Channels.SecurityBindingElement.ExportSymmetricSecurityBindingElement(SymmetricSecurityBindingElement binding, MetadataExporter exporter, PolicyConversionContext policyContext)
at System.ServiceModel.Channels.SecurityBindingElement.ExportPolicy(MetadataExporter exporter, PolicyConversionContext context)
at System.ServiceModel.Description.MetadataExporter.ExportPolicy(ServiceEndpoint endpoint)
--- End of inner ExceptionDetail stack trace ---
at System.ServiceModel.Description.ServiceMetadataBehavior.MetadataExtensionInitializer.GenerateMetadata()
at System.ServiceModel.Description.ServiceMetadataExtension.EnsureInitialized()
at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.InitializationData.InitializeFrom(ServiceMetadataExtension extension)
at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.GetInitData()
at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.TryHandleDocumentationRequest(Message httpGetRequest, String[] queries, Message& replyMessage)
at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.ProcessHttpRequest(Message httpGetRequest)
at SyncInvokeGet(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)`
``
如果您知道可能导致这种情况的原因,我会非常乐意为您提供帮助 .
[EDIT #2]
似乎Microsoft不想更新他们的示例以显示如何允许wsdl支持自定义凭据/令牌 . See here . 任何人都知道如何让这个工作?什么's the point of making a framework extensible if there'没有文档如何扩展它?!?
[EDIT #3]
正如我在下面的评论中所述......我使用UserNameSecurityToken使TransportWithMessageCredential正常工作 . 不幸的是,当我需要实现我计划的一些更高级的功能时,我的服务最终会要求自定义令牌 .
我正在寻找的答案是:
How to support custom service credentials and tokens with WSDL support?
目前,根据Microsoft的示例,您只能使用ChannelFactory并在客户端上创建自定义绑定来使用自定义凭据 . 我宁愿不解决这个问题 .
如果这个问题仍然没有答案,我将不断提高赏金 . 只要我能够完成所有工作,我就会写一篇关于创建自定义安全解决方案所需的所有步骤的博客教程 .
1 回答
我建议你关注Windows Identity Foundation,并朝着基于声明的安全性/联合的方向前进 . 此模型更好地支持自定义凭据,因为它们只是一组不同的声明 .