Geek asks and answers

Basic Windows Azure authentication not working in the cloud?

I create a service using soap (wcf). I want to make my endpoint more secure with a single password and username. When I try to add the following configuration, Windows Azure throws the following error:

Error: This configuration section cannot be used on this path. This happens when a section is locked at the parent level. The default lock (overrideModeDefault = "Deny") is either explicitly set by the location tag with overrideMode = "Deny" or the deprecated allowOverride = "false".

Linecode: I had to change this in my IIS when testing locally, but at the same time I can not configure it on the Windows Azure platform?

All I want to do is use my own password and username for access. Is an

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.diagnostics>
    <trace>
      <listeners>
        <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics">
          <filter type="" />
        </add>
      </listeners>
    </trace>
  </system.diagnostics>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <customErrors mode="Off"/>
  </system.web>

  <system.serviceModel>

    <behaviors>
      <serviceBehaviors>
        <behavior name="credsBehavior">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata externalMetadataLocation="external metadata location" />

          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFServiceWebRole.CustomUserNameValidator, WCFServiceWebRole, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="ServiceEndpointBehavior">
          <schemaValidator validateRequest="True" validateReply="False">
            <schemas>
              <add location="schemalocation" />
            </schemas>
          </schemaValidator>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="false" />

    <extensions>
      <behaviorExtensions>
        <add name="schemaValidator" type="WCFServiceWebRole.Validation.SchemaValidationBehaviorExtensionElement, WCFServiceWebRole, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
      </behaviorExtensions>
    </extensions>

    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpsBinding_CvServiceInterface" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" receiveTimeout="01:00:00" openTimeout="01:00:00" closeTimeout="01:00:00" sendTimeout="01:00:00">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
                        maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />

          <security mode="Transport">
              <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <services>
      <service name="WCFServiceWebRole.CvService" behaviorConfiguration="credsBehavior">
        <endpoint address="myendpoint" behaviorConfiguration="ServiceEndpointBehavior" binding="basicHttpBinding" bindingConfiguration="BasicHttpsBinding_CvServiceInterface" contract="ICvService" />
      </service>
    </services>

  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <directoryBrowse enabled="true" />

    <security>
      <authentication>
        <basicAuthentication enabled="true"/>
      </authentication>
    </security>
  </system.webServer>
</configuration>

<!--<system.webServer>
  <security>
    <authentication>
      <anonymousAuthentication enabled="false" />
      <basicAuthentication enabled="true" />
    </authentication>
  </security>
</system.webServer>-->

Jeroen

+1
source share
2 answers

As Sandrino mentioned, I don't need basicauth to get authorization and authentication with a username and password.

Instead:

<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>

I had to do:

  <security mode="TransportWithMessageCredential">
    <transport clientCredentialType="None"/>
    <message clientCredentialType="UserName" />
  </security>

On the client side:

    ServiceReference1.CvServiceInterfaceClient cl = new ServiceReference1.CvServiceInterfaceClient();
    ClientCredentials creds = new ClientCredentials();

    creds.UserName.UserName = "username";
    creds.UserName.Password = "password";
    var defaultCredentials = cl.Endpoint.Behaviors.Find<ClientCredentials>();
    cl.Endpoint.Behaviors.Remove(defaultCredentials);
    cl.Endpoint.Behaviors.Add(creds);

Jeroen

+1
source

Basic authentication is not available by default in Windows Azure web roles.

enter image description here

You need to create 2 startup scripts:

Powershell script to set basic authentication

Import-Module ServerManager
Add-WindowsFeature Web-Basic-Auth

. PowerShell 2.0, Windows Server 2008 R2 ( osFamily 2, Windows Server 2008 R2: http://msdn.microsoft.com/en-us/library/windowsazure/ee758710.aspx)

,

%windir%\system32\inetsrv\appcmd set config /section:basicAuthentication /enabled:true

? , , UserName/Password WCF IIS, , .

+1

More articles:


All Articles