WCF Membership and Role Provider

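This article describes how to use the Membership and Role Providers to control permission to call WCF methods.

For example, suppose we have a WCF method named GetData(int num) and want to allow only users with Role = "Administrator" to call it. That is what this article covers.

First, create a Solution containing two Projects: our WCF Service, named MyService, and a client Web Project, named MyClientApp. MyClientApp contains a Default.aspx that calls MyService.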

 

MyService here is the WCF Service created by default; this article does not cover how to write a simple WCF program.

The important part is to add this line to our method GetData(int value):

    [PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]

This means that only users in the Administrator role are allowed to call the GetData method.

The complete code is:

    // Requires: using System.Security.Permissions;
    [PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
    public string GetData(int value)
    {
        return string.Format("You entered: {0}", value);
    }

 

 

When Default.aspx runs, we see the following result.

 

Use aspnet_regsql to create the Membership database.

When that is done, modify the Web.config in MyService. Be careful here: this is the web.config of MyService, not of MyClientApp.

Add the following:

    <connectionStrings>
      <add name="WCFDemoConnection"
           connectionString="Data Source=localhost;Initial Catalog=WCFDemo;User ID=sa;Password=9ijn)OKM;"
           providerName="System.Data.SqlClient" />
    </connectionStrings>

 

    <!-- These elements go inside <system.web> -->
    <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
      <providers>
        <remove name="AspNetSqlRoleProvider" />
        <remove name="AspNetWindowsTokenRoleProvider" />
        <add connectionStringName="WCFDemoConnection"
             applicationName="WCFDemo"
             name="AspNetSqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider" />
      </providers>
    </roleManager>
    <membership defaultProvider="AspNetSqlProvider">
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add connectionStringName="WCFDemoConnection"
             applicationName="WCFDemo"
             minRequiredPasswordLength="2"
             minRequiredNonalphanumericCharacters="0"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="false"
             name="AspNetSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             enablePasswordRetrieval="true"
             passwordFormat="Encrypted"
             maxInvalidPasswordAttempts="20" />
      </providers>
    </membership>
    <!-- passwordFormat="Encrypted" requires an explicit (not auto-generated) machineKey -->
    <machineKey validationKey="0D9EA75EE7CEF839CACB3DBAC68F420060EC381F315C2C12A80DBBBE7A8ED02079B8371B0654F11549248F58E55B5E74051DC888BA978BE1D733CF452511ECB7"
                decryptionKey="BD9A8F945ACCB35EAB54542B771D34CFFE01F026A5FC5857A4253FAA20EA207F"
                validation="SHA1"
                decryption="AES" />

 

 

 

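Select the MyService Project and open the ASP.NET Web Site Administration Tool. There, create two Roles: one named Administrator and one named User.

Then create two Users: admin, in the Administrator group, with the password Password, and user1, in the User group, also with the password Password.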

 

 

Next, modify MyService\web.config. For now we do not do a Certificate Check, so we use NoCheck.

    <!-- This element goes inside <system.serviceModel> -->
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- Role demands are answered by the ASP.NET role provider configured above -->
          <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider">
          </serviceAuthorization>
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <clientCertificate>
              <!-- revocationMode="NoCheck": certificate revocation is not checked for now -->
              <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck" />
              <certificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
            </clientCertificate>
            <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
            <!-- User name and password are validated by the membership provider configured above -->
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
                                    membershipProviderName="AspNetSqlProvider" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

 

On the MyClientApp side, use Add Reference, which generates the web.config automatically.

To test, enter a correct user name and password:

    try
    {
        ServiceReference1.Service1Client client = new ServiceReference1.Service1Client();
        // The service certificate is not validated in this setup
        client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
        client.ClientCredentials.UserName.UserName = "admin";
        client.ClientCredentials.UserName.Password = "Password";
        Response.Write(client.GetData(5));
    }
    catch (Exception ex)
    {
        Response.Write(ex.Message);
    }

 

Now enter the other user, user1 from the User group:

    try
    {
        ServiceReference1.Service1Client client = new ServiceReference1.Service1Client();
        // The service certificate is not validated in this setup
        client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
        client.ClientCredentials.UserName.UserName = "user1";
        client.ClientCredentials.UserName.Password = "Password";
        Response.Write(client.GetData(5));
    }
    catch (Exception ex)
    {
        Response.Write(ex.Message);
    }
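
How the role demand on GetData is evaluated for the two test users, as an added example that is not code from the original article. It is a console program for .NET Framework (an assumption: declarative security demands are only enforced there); RoleStorePrincipal and DemoRoles are hypothetical stand-ins for the principal WCF builds under principalPermissionMode="UseAspNetRoles" and for the SQL role store.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Constructed stand-in for the role data that AspNetSqlRoleProvider reads from SQL.
static class DemoRoles
{
    public static readonly Dictionary<string, string[]> ByUser =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "admin", new[] { "Administrator" } },
            { "user1", new[] { "User" } },
        };
}

// Hypothetical principal: IsInRole consults the role store on every check,
// mirroring how role demands are answered by the role provider in the service.
sealed class RoleStorePrincipal : IPrincipal
{
    public RoleStorePrincipal(string user) { Identity = new GenericIdentity(user); }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string role)
    {
        string[] roles;
        return DemoRoles.ByUser.TryGetValue(Identity.Name, out roles)
            && roles.Contains(role, StringComparer.OrdinalIgnoreCase);
    }
}

static class Program
{
    // Same attribute as on the service method in the article.
    [PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
    static string GetData(int value) { return string.Format("You entered: {0}", value); }

    // The demand runs against Thread.CurrentPrincipal before the method body executes.
    static string CallAs(string user)
    {
        Thread.CurrentPrincipal = new RoleStorePrincipal(user);
        try { return GetData(5); }
        catch (SecurityException ex) { return "denied: " + ex.Message; }
    }

    static void Main()
    {
        foreach (var user in new[] { "admin", "user1", "nobody" })
            Console.WriteLine("{0,-6} -> {1}", user, CallAs(user));
    }
}
```

Only admin passes the demand; user1 and the unknown user hit the SecurityException, which a WCF client such as Default.aspx receives as an access-denied fault (SecurityAccessDeniedException) in its catch block.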

 
