When we used webservice as a distributed system, authentication is a troublesome problem, the common practice is to inherit a soapheader, put the username and password inside, each call a method to pass the username and password to the server to verify, the efficiency is very low, code writing quite trouble , and it's not safe!
WCF support a variety of authentication technologies, such as WINDOWNS certification, X509 certificate, Issued tokens, user name password authentication, in the system across Windows domain, user name password Authentication is more commonly used, to achieve user name password authentication, you must need to X509 certificate, Why, then? Because we need X509 certificate This kind of asymmetric key technology realizes the encryption and decryption of WCF in message transmission, otherwise the username and password must be passed on the network. The detailed explanation is that the client uses the public key to encrypt the user name and the password to pass to the server side, the server end uses own private key to decrypt, then passes to the corresponding authentication program to realize the authentication.
Of course, it is not necessary to do a test program to apply for a X509 digital signature certificate, Microsoft provides a makecert.exe command to generate the X509 certificate used in the test, then we will build a test certificate, under the CMD to enter the following command:
MAKECERT.EXE-SR localmachine-ss my-a sha1-n Cn=myservercert-sky exchange–pe
The meaning of this command is to create a test X509 certificate, which is placed under the "my" folder where the storage location is ' localmachine ', with the certificate subject name ' Myservercert ' and more information about the MakeCert command, please refer to MSDN.
Once the certificate is established, we can write code, create a solution under VS2008 and build two Web projects on it, one is ' asp.net Web application ' (client), one is ' WCF Service Application ' (server-side), we first write the server-side code, first we have to write our own username password Authentication logic, first to add a WCF project on the ' System.identitymodel ' and then we build a new class file and inherit from ' System. IdentityModel.Selectors.UserNamePasswordValidator ', and then we rewrite the inside ' Validate ' method to implement the user name password Authentication logic. The code is as follows;
Using System;
Using System.Collections.Generic;
Using System.Linq;
Using System.Text;
Using System.IdentityModel.Selectors;
Using System.IdentityModel.Tokens;
Namespace Serverwcfservice.customvalidators
{
public class Mycustomvalidator:usernamepasswordvalidator
{
<summary>
Validates the user name and password combination.
</summary>
<param name= "userName" >the user name.</param>
<param name= "Password" >the password.</param>
public override void Validate (string userName, string password)
{
Validate arguments
if (string. IsNullOrEmpty (UserName))
throw new ArgumentNullException ("UserName");
if (string. IsNullOrEmpty (password))
throw new ArgumentNullException ("password");
Check if the user is not Xiaozhuang
if (userName!= "Xiaozhuang" | | password!= "123456")
throw new Securitytokenexception ("Username or password error!") ");
}
}
}
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
