如何设置WorkflowService身份验证？

Question

我只需要保护我的WF服务。在这上面找不到任何资源。该怎么做呢？

已试过：

class Program
{
    static void Main(string[] args)
    {
        using (WorkflowServiceHost host = new WorkflowServiceHost(new Workflow1(), new Uri("http://localhost/Test")))
        {
            host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = System.ServiceModel.Security.UserNamePasswordValidationMode.Custom;
            host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new Test();

            host.Open();
            Console.Write("ready");
            Console.ReadLine();
        }
    }
}
public class Test : UserNamePasswordValidator
{
    public Test()
    {
        Console.Write("hit");
    }

    public override void Validate(string userName, string password)
    {
        Console.Write("never hit");
    }
}

和配置

<bindings>
  <wsHttpBinding>
    <binding>
      <security mode="Message">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

  <serviceBehaviors>
    <behavior>
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <!--<serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="myAssembly.Test, myAssembly" />
      </serviceCredentials>-->
    </behavior>
  </serviceBehaviors>

• 无法创建固定名称端点，因为它们是动态创建的

UPDATE -我尝试了下面的配置并工作了，但我希望有一种更细粒度的方法来设置每个服务使用什么绑定。

<protocolMapping>
  <add scheme="http" binding="wsHttpBinding"/>
</protocolMapping>

Answer 1

有点讨厌，但很管用。重写WorkflowServiceHost，以便获取未知的合同名称，并为每个合同添加服务端点。

    const string DEFAULT_WORKFLOW_SERVICE_BINDING_NAME = "WorkflowDefaultBinding";

    static void Main(string[] args)
    {            
        MyWorkflowServiceHost host = new MyWorkflowServiceHost(new CountingWorkflow2(), new Uri(hostBaseAddress));
        foreach (var contractName in host.ImplementedContractsNames)
        {
            // now I'm able to choose which binding to use depending on a condition
            var binding = new WSHttpBinding(DEFAULT_WORKFLOW_SERVICE_BINDING_NAME);

            host.AddServiceEndpoint(contractName, binding, string.Empty);
        }
    }

和MyWorkflowServiceHost

    public class MyWorkflowServiceHost : WorkflowServiceHost
    {
        public MyWorkflowServiceHost(Activity activity, params Uri[] baseAddresses)
            : base(activity, baseAddresses)
        {

        }

        private IDictionary<string, System.ServiceModel.Description.ContractDescription> _implementedContracts;
        public IEnumerable<string> ImplementedContractsNames
        {
            get
            {
                foreach (var contract in _implementedContracts)
                    yield return contract.Key;
            }
        }

        protected override System.ServiceModel.Description.ServiceDescription CreateDescription(out System.Collections.Generic.IDictionary<string, System.ServiceModel.Description.ContractDescription> implementedContracts)
        {
            System.ServiceModel.Description.ServiceDescription description = base.CreateDescription(out implementedContracts);

            _implementedContracts = implementedContracts;

            return description;
        }
    }

添加一个未命名的WSHttpBinding和下面关于服务模型的部分也应该有效，但是对于默认配置来说是这样的

<protocolMapping>
  <add scheme="http" binding="wsHttpBinding"/>
</protocolMapping>

Answer 2

我们有一集的工作流程电视，应该有帮助。工作流电视-工作流服务安全性

Answer 3

就消息传递部分而言，这只是WCF，所以您可以在这里使用WCF进行任何操作。

也就是说，对于工作流，除了第一个请求之外，通常都需要更细粒度的控制。例如，所有员工都可以启动支出报告，但只有启动特定费用报告的员工才能将费用添加到其中并提交。您可以使用WF安全包进行此类安全检查。