WCF中使用扩展行为来验证连接的用户

        在WCF实现安全控制的方法很多,如使用证书、windows身份认证等等。本文要介绍的是使用简单的用户名密码方式来验证,客户端在与服务端交互时附带传递用户名和密码。使用该方法的好处就是配置简单,不受环境的制约。

通过WCF中的扩展行为来将用户名和密码附加到消息头MessageHeader中,自然这样就可以在服务端通过读取IncomingMessageHeaders得到用户名和密码。

       自定义行为,自定义行为要实现:IEndpointBehavior BehaviorExtensionElement

IEndpointBehavior members:

代码
public   void  AddBindingParameters(ServiceEndpoint endpoint, 
            System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
        {
            
return ;
        }

        
public   void  ApplyClientBehavior(ServiceEndpoint endpoint, 
            System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
        {
            clientRuntime.MessageInspectors.Add(
new  IdentityHeaderInspector());
        }

        
public   void  ApplyDispatchBehavior(ServiceEndpoint endpoint, 
            System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
        {

        }

        
public   void  Validate(ServiceEndpoint endpoint)
        {
            
return ;
        }

 

BehaviorExtensionElement members

 

代码
   public   override  Type BehaviorType
        {
            
get
            {
                
return   typeof (AttachContextBehavior);
            }
        }

        
protected   override   object  CreateBehavior()
        {
            
return   new  AttachContextBehavior();
        }

 


自定义消息检查器IClientMessageInspector,在消息检查器中添加MessageHeader附加用户名和密码:

代码
   private   class  IdentityHeaderInspector : IClientMessageInspector
        {
            
#region  IClientMessageInspector Members

            
public   void  AfterReceiveReply( ref  System.ServiceModel.Channels.Message reply,  object  correlationState)
            {
            }

            
public   object  BeforeSendRequest( ref  System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
            {
                MessageHeader
< string >  header  =   new  MessageHeader < string > (AppContext.UserName);
                request.Headers.Add(header.GetUntypedHeader(
" UserName " " http://ruinet.cnblogs.com/username " ));

                header 
=   new  MessageHeader < string > (AppContext.Password);
                request.Headers.Add(header.GetUntypedHeader(
" Password " " http://ruinet.cnblogs.com/password " ));
                
return   null ;
            }

            
#endregion

        }

 

 

然后在实现的IEndpointBehavior接口的ApplyClientBehavior行为中添加IdentityHeaderInspector

代码
public   void  ApplyClientBehavior(ServiceEndpoint endpoint, 
            System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
        {
            clientRuntime.MessageInspectors.Add(
new  IdentityHeaderInspector());
        }

完整扩展行为代码:
代码
using  System;
using  System.Collections.Generic;
using  System.Linq;
using  System.Text;
using  System.ServiceModel.Dispatcher;
using  System.ServiceModel;
using  System.ServiceModel.Description;
using  System.ServiceModel.Configuration;
using  WCFSecurity.Security;

namespace  WCFSecurity.Security
{
    
public   class  AttachContextBehavior : BehaviorExtensionElement, IEndpointBehavior
    {
        
public   override  Type BehaviorType
        {
            
get
            {
                
return   typeof (AttachContextBehavior);
            }
        }

        
protected   override   object  CreateBehavior()
        {
            
return   new  AttachContextBehavior();
        }

        
#region  IEndpointBehavior Members

        
public   void  AddBindingParameters(ServiceEndpoint endpoint, 
            System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
        {
            
return ;
        }

        
public   void  ApplyClientBehavior(ServiceEndpoint endpoint, 
            System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
        {
            clientRuntime.MessageInspectors.Add(
new  IdentityHeaderInspector());
        }

        
public   void  ApplyDispatchBehavior(ServiceEndpoint endpoint, 
            System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
        {

        }

        
public   void  Validate(ServiceEndpoint endpoint)
        {
            
return ;
        }

        
#endregion

        
private   class  IdentityHeaderInspector : IClientMessageInspector
        {
            
#region  IClientMessageInspector Members

            
public   void  AfterReceiveReply( ref  System.ServiceModel.Channels.Message reply,  object  correlationState)
            {
            }

            
public   object  BeforeSendRequest( ref  System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
            {
                MessageHeader
< string >  header  =   new  MessageHeader < string > (AppContext.UserName);
                request.Headers.Add(header.GetUntypedHeader(
" UserName " " http://ruinet.cnblogs.com/username " ));

                header 
=   new  MessageHeader < string > (AppContext.Password);
                request.Headers.Add(header.GetUntypedHeader(
" Password " " http://ruinet.cnblogs.com/password " ));
                
return   null ;
            }

            
#endregion

        }
    }
}

 在客户端的配置文件中加入扩展行为AttachContextBehavior

 

代码
< behaviors >
            
< endpointBehaviors >
                
< behavior  name ="headersMapping" >
                    
< attachContextHeader />
                
</ behavior >
            
</ endpointBehaviors >
        
</ behaviors >
        
< extensions >
            
< behaviorExtensions >
                
< add  name ="attachContextHeader"  type ="WCFSecurity.Security.AttachContextBehavior, WCFSecurity.Security, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
            
</ behaviorExtensions >
        
</ extensions >

 

behaviorExtensions节点中加入自定义对象,然后再behavior节点指定:<attachContextHeader/>,最后在endpoint的behaviorConfiguration指定行为即可:

 

代码
< endpoint name = " CalculateService "
    contract 
= " WCFSecurity.Contracts.ICalculateService "
    address
= " http://localhost:8001/CalculateService "
    binding 
= " wsHttpBinding "
    bindingConfiguration 
= " wsHttpBindingConfig "
    behaviorConfiguration 
= " headersMapping "   />

实例客户端运行时传递用名ruinet和密码88888:

 

代码
  static   void  Main( string [] args)
        {
            AppContext.UserName 
=   " ruinet " ;
            AppContext.Password 
=   " 888888 " ;

            Console.WriteLine(
" connecting host.. " );
            CalculateServiceProxy proxy 
=   new  CalculateServiceProxy();
            Console.WriteLine ( proxy.Add(
12 22 ));

            proxy.Close();

            Console.WriteLine(
" close connect " );
            Console.ReadLine(); 
        }

 

在服务器端接收用户名和密码:

 

代码
namespace  WCFSecurity.Services
{
    
public   class  CalculateService : WCFSecurity.Contracts.ICalculateService
    {
        
public   double  Add( double  num1,  double  num2)
        {
            Console.WriteLine(
" Client  Requirement is coming " );

            
int  index =  OperationContext.Current.IncomingMessageHeaders.FindHeader( " UserName "
                
" http://ruinet.cnblogs.com/username " );
            
if  (index  !=   - 1 )
            {
                
string  userName  =  OperationContext.Current.IncomingMessageHeaders.GetHeader < string > ( " UserName "
                    
" http://ruinet.cnblogs.com/username " );
                
string  password  =  OperationContext.Current.IncomingMessageHeaders.GetHeader < string > ( " Password "
                    
" http://ruinet.cnblogs.com/password " );

                Console.WriteLine(
" UserName: "   +  userName);
                Console.WriteLine(
" Password: "   +  password);
            }
          

            
return  num1  +  num2;
        }
    }
}

 

运行结果:

代码下载

你可能感兴趣的:(WCF中使用扩展行为来验证连接的用户)