在使用基于WCF构建的API时,确保只需要验证一次的最佳方法是什么?如何在WCF中使用客户端凭据进行身份验证?
我现在的绑定和行为列举如下
<bindings>
<wsHttpBinding>
<binding name="wsHttp">
<security mode="TransportWithMessageCredential">
<transport/>
<message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="true"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="NorthwindBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceAuthorization principalPermissionMode="UseAspNetRoles"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
接下来是我在用我的客户端应用程序来验证(目前我必须这样做,每次我想打个电话到WCF)
Dim client As ProductServiceClient = New ProductServiceClient("wsHttpProductService")
client.ClientCredentials.UserName.UserName = "foo"
client.ClientCredentials.UserName.Password = "bar"
Dim ProductList As List(Of Product) = client.GetProducts()
我想要做的是使用这些凭证来验证API,然后在客户端应用程序使用Web服务项目的一段时间内获取某种类型的令牌。我认为establishsecuritycontext = true为我做了这个?