开发者

WCF - Get password from MessageHeader

问答 作者:

I have a WCF service with security mode set to message. I use Username for client credentials type with a custom UserNamePasswordValidator.

 NetTcpBinding binding = new NetTcpBinding(SecurityMode.Message, false);
 bind开发者_如何学Cing.Security.Mode = SecurityMode.Message;
 binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

Can I retrieve the password on server side, after the user is authenticated? Is the password saved in MessageHeader of the request? Can I get it from MessageHeader (after user is authenticated)?

Angela

As far as I understand your question you have a WCF service which requires a user name and password for authentication. You have configured a custom UserNamePasswordValidator for this purpose instead of relying on the default mechanism employed by WCF (= Windows).

Take a look here for more information on how to setup a custom username and pasword validator in WCF:

http://msdn.microsoft.com/en-us/library/aa702565.aspx

I assume you have created a class that dervies from the UserNamePasswordValidator type. Your custom type is responsible for checking the username and password against a store (database, xml file...etc.) which contains a list of your users. The validator must determine if it is dealing with a valid user. If so, it can authenticate the user.

For example:

public class CustomUserNameValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        if (null == userName || null == password)
        {
            throw new ArgumentNullException();
        }

        // Validator username and password here
        // bool isValid = ...;

        if (!isValid)
        {
            throw new SecurityTokenException("Access denied.");
        }
    }
}

As you can see if you correctly implemented the custom UserNamePasswordValidator you already have a place where you can access the username and password which the client submitted.

If you want to access the username after the user has been authenticated, for instance in the body of one of service's methods you can use the following:

var userName = 
    OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name;

Take a look at the ServiceSecurityContext type for more information.

If you also want to make the password available, then I suggest you take a look at the following article:

http://www.neovolve.com/post/2008/04/07/wcf-security-getting-the-password-of-the-user.aspx

I guess you could also extract the username and password from the current OperationContext as one of the comments of the previously mentioned article suggests.

public void MyServiceMethod()
{
    var context = OperationContext.Current;
    var token = context.IncomingMessageProperties.Security
                       .IncomingSupportingTokens[0].SecurityToken as  
                System.IdentityModel.Tokens.UserNameSecurityToken; 
    //...
}

继续阅读:securitywcf

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9