在解决了我之前的问题后,我想将 netTcpBinding 转换为 customBinding,我成功地管理了它。但是,当我放置自定义授权策略时,WcfTestClient(和普通客户端)在尝试提取元数据时出错(没有它也能正常工作!)。
我的配置:
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="Sample.Tools.CustomAuthorizationPolicy, Sample" />
</authorizationPolicies>
我在 MSDN(这里: http://social.msdn.microsoft.com/Forums/en-IE/wcf/thread/80a33bc6-0765-45f6-8af5-0a414a5cc40d )上读到这可能是因为还需要自定义授权管理器。我尝试了这个并添加了 CustomAuthorizationManager(CheckAccessCore 总是返回 true),但它没有用。
这在配置中添加为:
<serviceAuthorization principalPermissionMode="Custom" serviceAuthorizationManagerType="Sample.Tools.CustomAuthorizationManager, Sample">
<authorizationPolicies>
<add policyType="Sample.Tools.CustomAuthorizationPolicy, Sample" />
</authorizationPolicies>
其余配置:
捆绑:
<customBinding>
<binding name="SampleBinding" receiveTimeout="00:05:00">
<transactionFlow/>
<security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap authenticationMode="UserNameForSslNegotiated" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<localClientSettings maxClockSkew="23:59:59" />
<localServiceSettings maxClockSkew="23:59:59" />
</secureConversationBootstrap>
<localClientSettings maxClockSkew="23:59:59" />
<localServiceSettings maxClockSkew="23:59:59" />
</security>
<binaryMessageEncoding/>
<tcpTransport transferMode="Buffered" portSharingEnabled="true" maxReceivedMessageSize="65536" hostNameComparisonMode="StrongWildcard"/>
</binding>
</customBinding>
行为:
<behavior name="SampleBehavior">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true" httpsHelpPageEnabled="true" />
<serviceAuthorization principalPermissionMode="Custom" serviceAuthorizationManagerType="Sample.Tools.CustomAuthorizationManager, Sample">
<authorizationPolicies>
<add policyType="Sample.Tools.CustomAuthorizationPolicy, Sample" />
</authorizationPolicies>
</serviceAuthorization>
<serviceCredentials>
<serviceCertificate findValue="MySample" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Sample.Tools.CustomUserNameValidator, Sample" />
</serviceCredentials>
<serviceThrottling maxConcurrentCalls="2147483647" maxConcurrentSessions="2147483647" maxConcurrentInstances="2147483647" />
</behavior>
服务:
<services>
<service behaviorConfiguration="SampleBehavior"
name="Sample.SampleService">
<endpoint address=""
binding="customBinding"
bindingConfiguration="SampleBinding"
name="MyServiceEndpoint"
contract="Sample.ISampleService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex"
binding="mexTcpBinding"
bindingConfiguration=""
name="MyServiceMexTcpBidingEndpoint"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:809/SampleService.svc" />
</baseAddresses>
</host>
</service>
</services>
我几乎被困在这里,关于这个问题几乎找不到。
最佳答案
我在这里看到了这篇不错的帖子:http://social.msdn.microsoft.com/forums/en-US/wcf/thread/86ed7974-97d4-4cc8-a965-542a3063aced
这解决了我的问题,现在我需要考虑实现适当的 ServiceAuthorizationManager :)