网上查阅了相关WCF的例子,一般都要证书,对于简单的安全性不高的wcf如果寄宿在IIS中wcf的验证完全可基于asp.net 的窗体验证
http://blog.csdn.net/shanyou/archive/2009/09/06/4680978.aspx
该文对“WCF服务中操作FormsAuthentication的Cookie”操作有详细的说明
//建立user wcf锲约
[ServiceContract(Namespace = "")]
public interface IUser
{
[OperationContract]
LoginMessage DoWork(string name);
[OperationContract]
LoginMessage Login(string username, string pass);
[OperationContract]
void SignOut();
}
/// <summary>
/// login DataContract
/// </summary>
[DataContract]
public class LoginMessage
{
[DataMember]
public string Text;
}
//实现接口
// 注意: 如果更改此处的类名 "User",也必须更新 App.config 中对 "User" 的引用。
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class User : IUser
{
public LoginMessage DoWork(string name)
{
LoginMessage a = new LoginMessage();
if (UserAuthenticate.isAuthenticate())
{
a.Text = "hello " + HttpContext.Current.User.Identity.Name.Trim();
}
else
{
a.Text="notlogin";
}
return a;
}
public LoginMessage Login(string username, string pass)
{
LoginMessage a = new LoginMessage();
if (username == "xgr2004" && pass == "123456")
{
UserAuthenticate.VerifyUser(username, pass);
a.Text= "true";
}
else
{
a.Text = "false";
}
return a;
}
public void SignOut()
{
UserAuthenticate.SignOut();
}
//验证部分,这里拷了我给出连接
public class UserAuthenticate
{
static public string VerifyUser(string username, string password)
{
System.Web.Security.FormsAuthentication.SetAuthCookie(username, true);
// 创建验证票
System.Web.Configuration.FormsAuthenticationConfiguration formsConfig = new System.Web.Configuration.FormsAuthenticationConfiguration();
FormsAuthenticationTicket formAuthTicket = new
FormsAuthenticationTicket(
1, // 版本
username, // 用户名称
DateTime.Now, // 创建时间
DateTime.Now.AddMinutes(formsConfig.Timeout.TotalMinutes), // 失效时间
true,""); // 用户数据
//加密票
string encryptedTicket = FormsAuthentication.Encrypt(formAuthTicket);
// 以加密票的密文存入Cookie
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
authCookie.HttpOnly = true;
authCookie.Path = FormsAuthentication.FormsCookiePath;
authCookie.Secure = FormsAuthentication.RequireSSL;
if (FormsAuthentication.CookieDomain != null)
{
authCookie.Domain = FormsAuthentication.CookieDomain;
}
if (formAuthTicket.IsPersistent)
{
authCookie.Expires = formAuthTicket.Expiration;
}
HttpContext.Current.Response.Cookies.Add(authCookie);
FormsIdentity identity = new FormsIdentity(formAuthTicket);
GenericPrincipal principal = new GenericPrincipal(identity, null);
HttpContext.Current.User = principal;
return "";
return null;
}
static public bool isAuthenticate()
{
return HttpContext.Current.User.Identity.IsAuthenticated;
}
static public void SignOut()
{
FormsAuthentication.SignOut();
HttpContext.Current.Session.Clear();
}
}
本例子演示如上图所示
当点击登陆,用户名为xgr2004时就登陆,成功登陆后然后点操作就会显示hello name的说明
反之如果没有登陆就显示notlogin
大家拍板
附代码