C#学习教程:CustomAuthorizationPolicy.Evaluate()方法永远不会在wcf webhttpbinding中触发分享


CustomAuthorizationPolicy.Evaluate()方法永远不会在wcf webhttpbinding中触发

我可以看到我创建了一个wcf服务:

[OperationContract] [PrincipalPermission(SecurityAction.Demand, Role = "Admin")] [WebInvoke(Method = "GET", UriTemplate = "/Data/{data}")] string GetData(string data); 

所以我创建了一个自定义授权,你可以看到:

 public class AuthorizationPolicy : IAuthorizationPolicy { string id = Guid.NewGuid().ToString(); public string Id { get { return this.id; } } public System.IdentityModel.Claims.ClaimSet Issuer { get { return System.IdentityModel.Claims.ClaimSet.System; } } // this method gets called after the authentication stage public bool Evaluate(EvaluationContext evaluationContext, ref object state) { // get the authenticated client identity IIdentity client = HttpContext.Current.User.Identity; // set the custom principal evaluationContext.Properties["Principal"] = new CustomPrincipal(client); return true; } } public class CustomPrincipal : IPrincipal { private IIdentity _identity; public IIdentity Identity { get { return _identity; } } public CustomPrincipal(IIdentity identity) { _identity = identity; } public bool IsInRole(string role) { //my code return true; // return Roles.IsUserInRole(role); } } 

和身份validation:

  public class RestAuthorizationManager: ServiceAuthorizationManager { protected override bool CheckAccessCore(OperationContext operationContext) { //Extract the Authorization header, and parse out the credentials converting the Base64 string: var authHeader = WebOperationContext.Current.IncomingRequest.Headers["Authorization"]; if ((authHeader != null) && (authHeader != string.Empty)) { var svcCredentials = System.Text.ASCIIEncoding.ASCII .GetString(Convert.FromBase64String(authHeader.Substring(6))) .Split(':'); var user = new { Name = svcCredentials[0], Password = svcCredentials[1] }; if ((user.Name == "1" && user.Password == "1")) { //here i get the role of my user from the database // return Admin role //User is authrized and originating call will proceed return true; } else { //not authorized return false; } } else { //No authorization header was provided, so challenge the client to provide before proceeding: WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate: Basic realm="MyWCFService""); //Throw an exception with the associated HTTP status code equivalent to HTTP status 401 throw new WebFaultException(HttpStatusCode.Unauthorized); } } } 

所以我在我的IIS中创建和https托管,我上传服务,我的身份validation类正在运行,但我的授权没有。为什么?我在我的网络配置中定义我的身份validation,你可以看到。但我不知道怎么能我在我的网络配置中定义了我的授权。

                                                      

我的意思是当我在客户端调用我的服务时。该服务不检查授权function。我应该在webconfig中定义我的自定义授权类但我不知道如何?

 public bool IsInRole(string role) { //my code return true; // return Roles.IsUserInRole(role); } 

您可能需要在web config文件中设置serviceCredentials

     

以下是有关serviceCredentials更多信息的链接: https : //docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/wcf/servicecredentials

您可以在标记内指定自定义AuthorizationPolicy,例如:

     

在WCF文档中,为WCF服务实现自定义授权策略有一个很好的示例。

但是,在覆盖抽象AuthorizationManager基类的CheckAccess方法时要小心。 基类的方法在内部调用GetAuthorizationPolicies方法以检索所有IAuthorizationPolicy对象的集合(另请参阅此博客文章 )。

如果重写CheckAcces并且不调用父类的方法,则不会调用IAuthorizationPolicy对象的任何Evaluate方法。

上述就是C#学习教程:CustomAuthorizationPolicy.Evaluate()方法永远不会在wcf webhttpbinding中触发分享的全部内容,如果对大家有所用处且需要了解更多关于C#学习教程,希望大家多多关注—猴子技术宅(www.ssfiction.com)

本文来自网络收集,不代表猴子技术宅立场,如涉及侵权请点击右边联系管理员删除。

如若转载,请注明出处:https://www.ssfiction.com/ckf/1031895.html

发表评论

邮箱地址不会被公开。 必填项已用*标注