问题描述
限时送ChatGPT账号..我有一个托管在 IIS 中的 WCF 服务.我想使用我自己的 IAuthorizationPolicy,并在服务器上的 web.config 文件中配置它.我有我的身份验证政策:
I have a WCF service that is hosted in IIS. I want to use my own IAuthorizationPolicy, and have it configured in the web.config file on the server. I have my auth policy:
namespace MyLib.WCF
{
public class CustomAuthorizationPolicy : IAuthorizationPolicy
{
public CustomAuthorizationPolicy()
{
this.Id = Guid.NewGuid().ToString();
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
throw new ApplicationException("Testing custom auth");
}
...
}
}
在我的 web.config 中:
And in my web.config:
<service behaviorConfiguration="Behavior" name="MyService">
<endpoint address="" binding="wsHttpBinding" contract="IMyService"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
<serviceBehaviors>
<behavior name="Behavior">
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="MyLib.WCF.CustomAuthorizationPolicy, MyLib.WCF, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</authorizationPolicies>
</serviceAuthorization>
</behavior>
</serviceBehaviors>
但我的 CustomAuthorizationPolicy.Evaluate() 方法从不触发.我错过了什么?
But my CustomAuthorizationPolicy.Evaluate() method never fires. What am I missing?
推荐答案
嗯,明显(愚蠢)的问题是:在你的
中,你真的引用了你的行为配置吗?
Well, the obvious (silly) question is: in your <service>
, do you actually reference your behavior configuration??
即你有吗:
<system.serviceModel>
....
<service name="YourService" behaviorConfiguration="Behavior">
....
</service>
....
</system.serviceModel>
仅仅定义你所有的东西是很好的——但除非你真的引用了它,否则它不会对你有任何好处(去过那里,我自己也做过!:-))
Just defining all your stuff is nice and well - but unless you've actually referenced it, it won't do you any good (been there, done that myself, too! :-) )
第二个(几乎是愚蠢的)问题是:你使用什么绑定和安全配置??你有没有打开安全?如果您有 <security mode="None">
,那么您的服务授权显然也不会被使用(因为根本没有将凭据传递给服务).
Second (almost as silly) question would be: what binding and security config do you use?? Have you even turned on security at all? If you have <security mode="None">
, then your service authorization will obviously never be used, either (since no credentials are being passed to the service at all).
马克
这篇关于如何在 WCF 中声明性地实现自定义 IAuthorizationPolicy?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
更多推荐
[db:关键词]
发布评论