在WCF中，对于webHttpBinding，当服务器使用基本身份验证时，如何在客户端web.config中指定凭证？

Question

我有两个WCF服务-“一般”服务是公共的，没有安全性；“RESTful”服务，我打算在SSL上使用基本身份验证。这是我的服务器端web.config：

<system.serviceModel>
    <bindings>
        <webHttpBinding>
            <binding name="general" maxReceivedMessageSize="2147483647">
                <readerQuotas maxArrayLength="2147483647" maxStringContentLength="2147483647" />
                <security mode="None">
                    <transport clientCredentialType="None" />
                </security>
            </binding>
            <binding name="admin" maxReceivedMessageSize="2147483647">
                <readerQuotas maxArrayLength="2147483647" maxStringContentLength="2147483647" />
                <security mode="Transport">
                    <transport clientCredentialType="Basic" />
                </security>
            </binding>
        </webHttpBinding>
    </bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior>
                <serviceMetadata httpGetEnabled="true"/>
                <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
        </serviceBehaviors>
        <endpointBehaviors>
            <behavior name="web">
                <webHttp/>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <services>
        <service name="MyNamespace.AppServices.GeneralService">
            <endpoint address="" binding="webHttpBinding" contract="MyNamespace.Contracts.IGeneralService" behaviorConfiguration="web" bindingConfiguration="general" />
        </service>
        <service name="MyNamespace.AppServices.AdminService">
            <endpoint address="" binding="webHttpBinding" contract="MyNamespace.Contracts.IAdminService" behaviorConfiguration="web" bindingConfiguration="admin" />
        </service>
    </services>
</system.serviceModel>

在客户端，我目前的代码看起来像这样：

private static IGeneralService GetGeneralChannel()
{
    WebHttpBinding binding = new WebHttpBinding();
    binding.Security.Mode = WebHttpSecurityMode.None;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
    binding.MaxReceivedMessageSize = Int32.MaxValue;
    binding.ReaderQuotas.MaxStringContentLength = Int32.MaxValue;
    binding.ReaderQuotas.MaxArrayLength = Int32.MaxValue;

    WebChannelFactory<IGeneralService> cf = new WebChannelFactory<IGeneralService>(binding, new Uri("http://localhost:1066/GeneralService"));
    IGeneralService channel = cf.CreateChannel();
    return channel;
}

private static IAdminService GetAdminChannel()
{
    WebHttpBinding binding = new WebHttpBinding();
    binding.Security.Mode = WebHttpSecurityMode.Transport;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
    binding.MaxReceivedMessageSize = Int32.MaxValue;
    binding.ReaderQuotas.MaxStringContentLength = Int32.MaxValue;
    binding.ReaderQuotas.MaxArrayLength = Int32.MaxValue;

    WebChannelFactory<IAdminService> cf = new WebChannelFactory<IAdminService>(binding, new Uri("http://localhost:1066/AdminService"));
    cf.Credentials.UserName.UserName = "myUserName";
    cf.Credentials.UserName.Password = "myPassword";

    IAdminService channel = cf.CreateChannel();
    return channel;
}

问题是，既然我显然不想硬编码所有这些配置信息，那么我需要如何在客户端的web.config中提供这些信息呢？我很清楚，绑定元素在客户机上需要看起来与在服务器上看起来几乎一样。但是，我应该在何处指示分配给WebChannelFactory的凭据？

任何帮助和/或见解都将不胜感激。

谢谢，史蒂夫

Answer 1

您不能将这些凭据(用户名和密码)放入web.config中，然后让WCF从那里读取它们。这是WCF中极少数无法在配置中完成的功能之一-您必须在代码中设置这些凭据。

当然，在你的代码中，你可以从数据库表或者某个地方的配置项中读取它们，但是你必须自己去做。无法将WCF配置为自动从某处读取这些设置。