0
我的WCF服务使用自定义凭证验证器进行自定义基于消息的安全性,因为我想确保每个调用我的Web服务的客户端操作在我的数据库中都有对应的用户名和密码。从WCF操作中获取ClientCredentials
Imports System.IdentityModel.Selectors
Imports System.IdentityModel.Tokens
Public Class CredentialsValidator
Inherits UserNamePasswordValidator
Public Overrides Sub Validate(ByVal userName As String, ByVal password As String)
Dim authenticationApi As New AuthenticationGateway()
If Not authenticationApi.IsValid(userName, password) Then
Throw New SecurityTokenException("Validation Failed.")
End If
End Sub
End Class
事情是,一旦用户通过认证我想使用的用户名在我的OperationContract的实现,使基于上下文的呼叫。
<ServiceContract(Name:="IMyService")> _
Public Interface IMyService
<OperationContract()> _
Function GetAccountNumber() As String
End Interface
Public Class IntegrationService
Implements IIntegrationService
Public Function GetAccountNumber() As String Implements IMyService.GetAccountNumber
Dim userName As String '' Here I want the userName set from credentials
Dim accountApi As New AccountGateway()
Return accountApi.GetAccountNumber(userName)
End Function
End Class
我不能依靠被调用者的诚信指定其实际用户名,使不还传递一个密码无法通过。我想避免每次打电话到我的Web服务都必须接受ClientCredentials。
谢谢。