ここでは、WCF RESTfull サービスでカスタム usernamepasswordvalidator を実装しています。必要なのは、http://localhost:12229/RestServiceImpl.svc/GetStudentObj
Chrome REST クライアントを介してこれを呼び出すときに、ユーザー名のパスワードを検証していないことです。このメソッドを直接呼び出して、結果を取得しています。ここで何が間違っていますか??
私のインターフェース
[ServiceContract]
public interface IRestServiceImpl
{
[OperationContract]
[WebInvoke(Method = "GET", UriTemplate = "/GetStudentObj", RequestFormat = WebMessageFormat.Json,
ResponseFormat = WebMessageFormat.Json)]
Student GetStudent();
}
SVC
public class RestServiceImpl : IRestServiceImpl
{
public Student GetStudent()
{
Student stdObj = new Student
{
StudentName = "Foo",
Age = 29,
Mark = 95
};
return stdObj;
}
public class CustomUserNameValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
{
throw new ArgumentNullException("You must provide both the username and password to access this service");
}
if (!(userName == "user1" && password == "test") && !(userName == "user2" && password == "test"))
{
throw new SecurityTokenException("Unknown Username or Incorrect Password");
}
}
}
}
および Web.Config
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttpTransportSecurity">
<security mode="Transport">
<transport clientCredentialType="Basic"></transport>
</security>
</binding>
</webHttpBinding>
</bindings>
<protocolMapping>
<add scheme="http" binding="webHttpBinding"/>
</protocolMapping>
<services>
<service name="RestService.RestServiceImpl" >
<endpoint address="" binding="webHttpBinding" contract="RestService.IRestServiceImpl"></endpoint>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior>
<webHttp />
</behavior >
</endpointBehaviors>
<serviceBehaviors>
<behavior name="SecureRESTSvcTestBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="RESTfulSecuritySH.CustomUserNameValidator, RESTfulSecuritySH" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
なにか提案を??