问题
I'm building a service, using soap (wcf). I want to make my endpoint a bit more secure with a single password and username. When i try to add following configuration, Windows Azure throws the following error:
Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Linecode is: I had to change this in my IIS when testing localy, but apparantly I'm not able to adjust it at the Windows Azure platform?
All i want to do, is using an own password and username for access. Is the
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.diagnostics>
<trace>
<listeners>
<add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics">
<filter type="" />
</add>
</listeners>
</trace>
</system.diagnostics>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="credsBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata externalMetadataLocation="external metadata location" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFServiceWebRole.CustomUserNameValidator, WCFServiceWebRole, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="ServiceEndpointBehavior">
<schemaValidator validateRequest="True" validateReply="False">
<schemas>
<add location="schemalocation" />
</schemas>
</schemaValidator>
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="false" />
<extensions>
<behaviorExtensions>
<add name="schemaValidator" type="WCFServiceWebRole.Validation.SchemaValidationBehaviorExtensionElement, WCFServiceWebRole, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
</behaviorExtensions>
</extensions>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpsBinding_CvServiceInterface" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" receiveTimeout="01:00:00" openTimeout="01:00:00" closeTimeout="01:00:00" sendTimeout="01:00:00">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="WCFServiceWebRole.CvService" behaviorConfiguration="credsBehavior">
<endpoint address="myendpoint" behaviorConfiguration="ServiceEndpointBehavior" binding="basicHttpBinding" bindingConfiguration="BasicHttpsBinding_CvServiceInterface" contract="ICvService" />
</service>
</services>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true" />
<security>
<authentication>
<basicAuthentication enabled="true"/>
</authentication>
</security>
</system.webServer>
</configuration>
<!--<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>-->
Jeroen
回答1:
Basic Authentication is not available by default in the Windows Azure web roles.
You'll need to create 2 startup scripts:
Powershell script to install basic authentication
Import-Module ServerManager
Add-WindowsFeature Web-Basic-Auth
Note: This requires PowerShell 2.0 that is included in Windows Server 2008 R2 (you'll need to set the osFamily to 2 to get Windows Server 2008 R2: http://msdn.microsoft.com/en-us/library/windowsazure/ee758710.aspx)
Bat file that will activate basic authentication
%windir%\system32\inetsrv\appcmd set config /section:basicAuthentication /enabled:true
Question
Why would you even need basic authentication? Correct me if I'm wrong, but UserName/Password authentication in WCF should work without IIS, so I don't see why it would need basic authentication to work.
回答2:
Like Sandrino mentioned, I don't need basicauth to get authorization and authentication with a custom username and password.
Instead of:
<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>
I had to do:
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None"/>
<message clientCredentialType="UserName" />
</security>
At client side:
ServiceReference1.CvServiceInterfaceClient cl = new ServiceReference1.CvServiceInterfaceClient();
ClientCredentials creds = new ClientCredentials();
creds.UserName.UserName = "username";
creds.UserName.Password = "password";
var defaultCredentials = cl.Endpoint.Behaviors.Find<ClientCredentials>();
cl.Endpoint.Behaviors.Remove(defaultCredentials);
cl.Endpoint.Behaviors.Add(creds);
Jeroen
来源:https://stackoverflow.com/questions/10139828/windows-azure-basic-authentication-doesnt-work-in-the-cloud