Unity IoC + WCF + wsHTTPBinding + Certificate Authorization

2023-04-01 19:58 问答作者：

I have two applications on IIS for development. First WCF application that contains all the logic and communication with database (we call this Server). And another ASP.NET MVC 3 application that has reference to WCF application (we call this Client).

I have issue connected with mixing WCF web.config configuration with Unity IoC custom service host and custom behavior.

When all configuration is done by Unity it creates simple BasicHttpBinding, but my requirement is to make it secure with Certificate Authorization, so I need wsHTTPBinding.

------------- Configuring for BasicHttpBinding ------------

At the beginning look at common Unity implementation for WCF:

internal class UnityInstanceProvider :  IInstanceProvider
{
    private readonly IUnityContainer container;
    private readonly Type contractType;

    public UnityInstanceProvider(
        [NotNull] IUnit开发者_开发技巧yContainer container, 
        [NotNull] Type contractType)
    {
        this.container = container;
        this.contractType = contractType;
    }

    #region IInstanceProvider Members

    public object GetInstance(InstanceContext instanceContext)
    {
        return GetInstance(instanceContext, null);
    }

    public object GetInstance(InstanceContext instanceContext, Message message)
    {
        return container.Resolve(contractType);
    }

    public void ReleaseInstance(InstanceContext instanceContext, object instance)
    {
        container.Teardown(instance);
    }
}

internal class UnityServiceBehavior : IServiceBehavior
{
    private readonly IUnityContainer container;

    public UnityServiceBehavior(
        [NotNull] IUnityContainer container)
    {
        this.container = container;
    }

    #region IServiceBehavior Members

    public void Validate(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase)
    {
    }

    public void AddBindingParameters(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase, Collection<ServiceEndpoint> endpoints, BindingParameterCollection bindingParameters)
    {

    }

    public void ApplyDispatchBehavior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase)
    {
        foreach (ChannelDispatcher channelDispatcher in serviceHostBase.ChannelDispatchers)
        {
            foreach (EndpointDispatcher endpointDispatcher in channelDispatcher.Endpoints)
            {
                if (endpointDispatcher.ContractName != "IMetadataExchange")
                {
                    endpointDispatcher.DispatchRuntime.InstanceProvider = new UnityInstanceProvider(container, serviceDescription.ServiceType);



                }
            }
        }
    }

    #endregion
}

public class UnityServiceHost : ServiceHost
{
    private readonly IUnityContainer container;

    public UnityServiceHost(
        [NotNull] IUnityContainer container, 
        [NotNull] Type serviceType, 
        Uri[] baseAddresses)
        : base(serviceType, baseAddresses)
    {
        this.container = container;
    }

    protected override void OnOpening()
    {
        base.OnOpening();
        if (Description.Behaviors.Find<UnityServiceBehavior>() == null)
        {
            Description.Behaviors.Add(new UnityServiceBehavior(container));
        }
    }
}

public class UnityServiceHostFactory : ServiceHostFactory
{
    protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
    {
        IUnityContainer container = new UnityContainer();
        UnityContainerConfigurator.Configure(container);
        return new UnityServiceHost(container, serviceType, baseAddresses);
    }
}

WCF application web.config contains only basic information: None endpoints, none service definition.

Now imagine that we have SecurityService with definition:

<%@ ServiceHost Language="C#" Debug="true" 
Service="myNamespace.SecurityService" 
Factory="myNamespace.UnityServiceHostFactory" %>

Now I can add service reference to SecurityService to my Client. A this step it generates in client web.config:

<basicHttpBinding>
<binding name="BasicHttpBinding_ISecurityService" closeTimeout="00:01:00"
 openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
 allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
 maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
 messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
 useDefaultWebProxy="true">
 <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
  maxBytesPerRead="4096" maxNameTableCharCount="16384" />
 <security mode="None">
  <transport clientCredentialType="None" proxyCredentialType="None"
   realm="" />
  <message clientCredentialType="UserName" algorithmSuite="Default" />
 </security>
</binding>

<endpoint address="http://localhost/wcf-app/SecurityService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ISecurityService"
contract="SecurityServiceReference.ISecurityService" name="BasicHttpBinding_ISecurityService" />

At this point I configure this for Unity:

container.RegisterType<SecurityServiceClient>(new InjectionConstructor());

And in Client application I can use it simply by (I don't mention here constructor injection):

var securityService = DependencyResolver.Current.GetService<SecurityServiceClient>();

And this all works! But It don't if I want to use wsHTTPBinding ...

------------- Configuring for wsHTTPBinding ------------

To enable wsHTTPBinding I configured it inside web.config of WCF Application. As a remainder for BasicHttpBinding it didn't contained any information concerning binding, endpoin, etc.

But now for wsHTTPBinding I added:

<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding">
      <security>
        <message clientCredentialType="Certificate" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

<services>   
  <service behaviorConfiguration="ServiceBehavior" name="myNamespace.SecurityService">
    <endpoint address="" binding="wsHttpBinding"
      bindingConfiguration="wsHttpEndpointBinding"
      name="wsHttpEndpoint" contract="myNamespace.ISecurityService">
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service>
</services>

<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="false" />
      <serviceCredentials>
        <serviceCertificate findValue="CN=myClientCert" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

And after adding service reference to Client application it generates:

<wsHttpBinding>
<binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
 receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
 transactionFlow="false" hostNameComparisonMode="StrongWildcard"
 maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
 textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
 <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
  maxBytesPerRead="4096" maxNameTableCharCount="16384" />
 <reliableSession ordered="true" inactivityTimeout="00:10:00"
  enabled="false" />
 <security mode="Message">
  <transport clientCredentialType="Windows" proxyCredentialType="None"
   realm="" />
  <message clientCredentialType="Certificate" negotiateServiceCredential="true"
   algorithmSuite="Default" />
 </security>
</binding>

I manually added behaviorConfiguration="CertBehavior", that is:

<behaviors>
 <endpointBehaviors>
   <behavior name="CertBehavior">
     <clientCredentials>
       <clientCertificate findValue="CN=myClientCert"/>
     </clientCredentials>
   </behavior>
 </endpointBehaviors>

And now when I want to resolve it using Unity:

var securityService = DependencyResolver.Current.GetService<SecurityServiceClient>();

I get always null...

What is funny when I create simply instance by:

var client = new SecurityServiceReference.SecurityServiceClient();

It works fine... So for sure issue is not connected with wrong wsHttpBinding configuration but rather combining Unity + wsHttpBinding from web.config...

Can any one help me with this issue?

Daniel

Ok, I figured it out.

Ladislav you were right that it should show an exception. UnityDependencyResolver was simply catching it.

internal class UnityDependencyResolver : IDependencyResolver
{
    private readonly IUnityContainer container;

    public UnityDependencyResolver([NotNull] IUnityContainer container)
    {
        this.container = container;
    }

    #region IDependencyResolver Members

    public object GetService(Type serviceType)
    {
        try
        {
            return container.Resolve(serviceType);
        }
        catch
        {
            return null;
        }
    }

    public IEnumerable<object> GetServices(Type serviceType)
    {
        try
        {
            return container.ResolveAll(serviceType);
        }
        catch
        {
            return new List<object>();
        }
    }

I also had to explicitly set certificate locations for the certificates:

<serviceCertificate findValue="CN=myClientCert"
                            storeName="My"
                            x509FindType="FindBySubjectDistinguishedName"
                            storeLocation="LocalMachine"
                            />

<clientCertificate findValue="CN=myClientCert" storeName="My"
                            x509FindType="FindBySubjectDistinguishedName"
                            storeLocation="LocalMachine"
                            />

Now it works fine.

继续阅读：asp.net-mvc asp.net-mvc-3 unity-container wcf wcf-security

Unity IoC + WCF + wsHTTPBinding + Certificate Authorization

更多精彩内容

精彩评论

最新问答

央视是哪个频道？

请问买过的朋友，舒提啦旅行箱实际使用体验如何？？

检查不孕不育需要的费用？

海信ULED电视画质有什么不同的地方?？

钉子可以挂的住画框幕布吗？

问答排行榜

王昌瑞《潜梦追凶》剧组庆生新锐演员未来可期？

Is it allowed to ask users to enter credit card details for own payment method?

Escaping "<" in Perl-generated XML

imessage会显示已读吗？

微信重新建群怎么建？