由网友(看你装逼笑你傻)分享简介：我对.NET 4中使用自定义UserNamePasswordValidator WCF服务，使用SSL和信息安全。I have a WCF service on .NET 4 with a custom UserNamePasswordValidator, secured with SSL and message s...

我对.NET 4中使用自定义UserNamePasswordValidator WCF服务，使用SSL和信息安全。

I have a WCF service on .NET 4 with a custom UserNamePasswordValidator, secured with SSL and message security.

在UserNamePasswordValidator获取的用户名和密码，并将其传递到一个存储过程返回该用户名和密码的有效帐户令牌。​​

The UserNamePasswordValidator receives the user name and password and passes it to a stored procedure that returns the valid account token for that user name and password.

我的问题是，我不知道如何访问该帐户令牌在实际的Web服务。我怀疑，我必须能够标记添加到一个头的地方，但的OperationContext尚不存在于UserNamePasswordValidator和HttpContext的设置它失败的消息确认安全时发生错误。

My problem is that I don't understand how to access that account token in the actual web service. I suspect that I must be able to add the token to a header somewhere, but OperationContext does not exist yet in the UserNamePasswordValidator and setting it on HttpContext fails with "An error occurred when verifying security for the message."

这是我的google搜索，似乎我必须实现IAuthorizationPolicy或IIdentity的，但那些都将有机会获得密码。

From my googling, it appears that I must implement either IAuthorizationPolicy or IIdentity, but neither of those will have access to the password.

我会认为，许多服务将采取用户名和密码，并用它来找到相关的帐户。我是它过于复杂，还是我只是缺少明显的东西？

I would think that many services would take a user name and password and use that to find the relevant account. Am I overcomplicating it, or am I just missing something obvious?

推荐答案

我结束了检查OperationContext.Current.ServiceSecurityContext.PrimaryIdentity，看看用户进行身份验证，然后就根据检索的身份，我需要从数据库中的信息名称。这似乎工作得很好。

I ended up checking OperationContext.Current.ServiceSecurityContext.PrimaryIdentity to see if the user is authenticated and then just retrieving the information I needed from the database based on the identity name. That seems to work just fine.