在WebHttpBinding设置为基本身份验证的情况下使用WCF进行POX REST调用时的xml-Double请求

在WebHttpBinding设置为基本身份验证(HttpClientCredentialType.Basic)的情况下,使用WCF进行POX REST调用时出现问题,而不是使用在HTTP头中指定的“Authorization:Basic”从客户端进行一次调用,因此进行了两次调用。第一个调用没有身份验证,服务响应401个未经授权的错误,第二个调用有正确的身份验证信息。这似乎是由WCF服务处理,没有任何问题。调用第三方服务显然会产生一个问题,因为它们会立即作出错误响应。服务代码:

[ServiceContract]

public interface IService

{

    [OperationContract]

    [WebInvoke(BodyStyle = WebMessageBodyStyle.Bare,

        RequestFormat = WebMessageFormat.Xml,

        UriTemplate = "")]

    Message SendData(Message message);



}



public class Service : IService

{

    public Message SendData(Message message)

    {           return Message.CreateMessage(MessageVersion.None, String.Empty, "test");

    }

}

客户端代码:

public class Client: WebChannelFactory<IService>, IService

{

    public Client(Uri baseUri, string userName, string password)

        : base(CreateBinding(),

               baseUri)

    {

        Credentials.UserName.UserName = userName;

        Credentials.UserName.Password = password;

    }



    public Message SendData(Message requestMessage)

    {

        var channel = CreateChannel();

        Message responseMessage = channel.SendData(requestMessage);

        return responseMessage;

    }



    private static Binding CreateBinding()

    {

        var binding = new WebHttpBinding();

        binding.Security.Mode = WebHttpSecurityMode.TransportCredentialOnly;

        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;

        return binding;

    }



}

2使用TcpTrace我看到这些请求背靠背:

POST / HTTP/1.1  

Content-Type: application/xml; charset=utf-8  

VsDebuggerCausalityData:   uIDPo2lH6p+lUOdFmrqDKGWYeQkAAAAA7+Y4QR6wNUWZmwCaasMx7xrfcJZxph9NocstwCh8NQsACQAA  

Host: localhost:9090  

Content-Length: 89  

Expect: 100-continue  

Connection: Keep-Alive  



<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">test request</string>  



POST / HTTP/1.1  

Content-Type: application/xml; charset=utf-8  

VsDebuggerCausalityData: uIDPo2lH6p+lUOdFmrqDKGWYeQkAAAAA7+Y4QR6wNUWZmwCaasMx7xrfcJZxph9NocstwCh8NQsACQAA  

Authorization: Basic dGVzdDp0ZXN0  

Host: localhost:9090  

Content-Length: 89  

Expect: 100-continue  



<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">test request</string> 

注意,只有第二个调用包含:Authorization:Basic dgvzddp0zxn0如何停止要发出的第一个请求(未经授权)?使用TcpTrace实用程序的示例解决方案可以在以下位置下载:WCF-BasicAuthenticationIssue.zip

2个回答

  1. 所以根据Remus的回答这是我的解决方法

            public Message SendData(Message requestMessage)
    
        {
    
            var channel = CreateChannel();
    
            Message responseMessage;
    
            using (new OperationContextScope((IClientChannel)channel))
    
            {
    
                WebOperationContext.Current.OutgoingRequest
    
                    .Headers[HttpRequestHeader.Authorization] = "Basic "
    
                    + Convert.ToBase64String(Encoding.ASCII.GetBytes(
    
                    Credentials.UserName.UserName + ":" + Credentials.UserName.Password));
    
                responseMessage = channel.SendData(requestMessage); 
    
            }
    
            return responseMessage;
    
        }
    
    

    我只是强迫第一个请求在基本授权的情况下发出

  2. 问题实际上在于这些第三方。每个RFC 2617的基本身份验证是在两个调用中完成的,就像摘要一样。服务器应在第一次调用时响应包含领域的质询:在收到保护空间内未经授权的URI请求时,源服务器可能会响应如下质询:

      WWW-Authenticate: Basic realm="WallyWorld"
    
    

    其中“WallyWorld”是服务器为标识请求的保护空间而分配的字符串。WCF终结点将仅在第一个调用之后对后续调用进行预身份验证。appdomain对任何资源的第一次调用将不包含基本的头用户名和密码。另请参阅WCF中的PreAuthenticate标志发生了什么情况。

Leave a Reply

Your email address will not be published. Required fields are marked *

You can use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>