在解决了我之前的问题后,我想将 netTcpBinding 转换为 customBinding,我成功地管理了它。但是,当我放置自定义授权策略时,WcfTestClient(和普通客户端)在尝试提取元数据时出错(没有它也能正常工作!)。

我的配置:

<serviceAuthorization principalPermissionMode="Custom">
        <authorizationPolicies>
          <add policyType="Sample.Tools.CustomAuthorizationPolicy, Sample" />
        </authorizationPolicies>

我在 MSDN(这里: http://social.msdn.microsoft.com/Forums/en-IE/wcf/thread/80a33bc6-0765-45f6-8af5-0a414a5cc40d )上读到这可能是因为还需要自定义授权管理器。我尝试了这个并添加了 CustomAuthorizationManager(CheckAccessCore 总是返回 true),但它没有用。

这在配置中添加为:
    <serviceAuthorization principalPermissionMode="Custom" serviceAuthorizationManagerType="Sample.Tools.CustomAuthorizationManager, Sample">
        <authorizationPolicies>
          <add policyType="Sample.Tools.CustomAuthorizationPolicy, Sample" />
        </authorizationPolicies>

其余配置:

捆绑:
<customBinding>
      <binding name="SampleBinding" receiveTimeout="00:05:00">
        <transactionFlow/>
        <security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
            <secureConversationBootstrap authenticationMode="UserNameForSslNegotiated" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                <localClientSettings maxClockSkew="23:59:59" />
                <localServiceSettings maxClockSkew="23:59:59" />
           </secureConversationBootstrap>
            <localClientSettings maxClockSkew="23:59:59" />
            <localServiceSettings maxClockSkew="23:59:59" />
        </security>
        <binaryMessageEncoding/>
        <tcpTransport transferMode="Buffered" portSharingEnabled="true" maxReceivedMessageSize="65536" hostNameComparisonMode="StrongWildcard"/>
      </binding>
    </customBinding>

行为:
<behavior name="SampleBehavior">
      <serviceMetadata httpGetEnabled="false" />
      <serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true" httpsHelpPageEnabled="true" />
        <serviceAuthorization principalPermissionMode="Custom" serviceAuthorizationManagerType="Sample.Tools.CustomAuthorizationManager, Sample">
        <authorizationPolicies>
          <add policyType="Sample.Tools.CustomAuthorizationPolicy, Sample" />
        </authorizationPolicies>
      </serviceAuthorization>
      <serviceCredentials>
        <serviceCertificate findValue="MySample" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Sample.Tools.CustomUserNameValidator, Sample" />
      </serviceCredentials>
      <serviceThrottling maxConcurrentCalls="2147483647" maxConcurrentSessions="2147483647" maxConcurrentInstances="2147483647" />
    </behavior>

服务:
<services>
    <service behaviorConfiguration="SampleBehavior"
    name="Sample.SampleService">
    <endpoint address=""
              binding="customBinding"
              bindingConfiguration="SampleBinding"
              name="MyServiceEndpoint"
              contract="Sample.ISampleService">
        <identity>
            <dns value="localhost" />
        </identity>
    </endpoint>

    <endpoint address="mex"
              binding="mexTcpBinding"
              bindingConfiguration=""
              name="MyServiceMexTcpBidingEndpoint"
              contract="IMetadataExchange" />
        <host>
            <baseAddresses>
                <add baseAddress="net.tcp://localhost:809/SampleService.svc" />
            </baseAddresses>
        </host>
    </service>
</services>

我几乎被困在这里,关于这个问题几乎找不到。

最佳答案

我在这里看到了这篇不错的帖子:http://social.msdn.microsoft.com/forums/en-US/wcf/thread/86ed7974-97d4-4cc8-a965-542a3063aced

这解决了我的问题,现在我需要考虑实现适当的 ServiceAuthorizationManager :)

10-08 02:18