我知道，在webservicehost类认证并不完全遵守认证标准（返回403禁止，而不是当用户输入不正确的凭据提示输入另一组凭证）。

我还是想（在会议上，HTTPS不必要的启动用户名和密码 - 见下图），以实现这个基本身份验证，因为它适合用于小家的项目我的需求。

我对为myService的代码如下：

Imports System.IO
Imports System.Text
Imports System.ServiceModel
Imports System.ServiceModel.Web
Imports System.ServiceModel.Channels

<ServiceContract()>
Public Class myService
    <OperationContract(), WebGet(UriTemplate:="/xml/{argument1}/{argument2}")>
    Public Function XML(argument1 As String, argument2 As String) As Stream
        requestCounter += 1
        Console.WriteLine("xml data request at " & DateTime.Now.ToString() & ", request count= " & requestCounter)
        Console.WriteLine(WebOperationContext.Current.IncomingRequest.UserAgent.ToString())
        Return _ReturnXML("<xmlresponse><data><argument1>" & argument1 & "</argument1><argument2>" & argument2 & "</argument2></data><server><serverlivesince>" & serverStart.ToString() & "</serverlivesince><pageservetime>" & DateTime.Now.ToString() & "</pageservetime><requestcount>" & requestCounter & "</requestcount></server></xmlresponse>")
        'returns the first two parameters, and the time and date
    End Function

    Private Shared Function _ReturnXML(_result As String) As Stream
        Dim data = Encoding.UTF8.GetBytes(_result)

        WebOperationContext.Current.OutgoingResponse.ContentType = "text/xml; charset=utf-8"
        WebOperationContext.Current.OutgoingResponse.ContentLength = data.Length

        Return New MemoryStream(data)
    End Function
End Class

然后我也有类似的代码返回HTML以及接受其他参数的组合。

在我的主类，我实例化并开通此项服务为：

Dim varWebService = New WebServiceHost(GetType(MyWebService), New Uri("http://0.0.0.0/"))
varWebService.Open()

谁能给我提供的代码来实现这个简单的认证？ 或点我彻底的教程？ 谢谢你的帮助

您可以通过它继承编写自定义WebServiceHost和改变像下面的一些默认参数。

在代码中唯一的变化是

Dim varWebService = New AuthenticatedWebServiceHost(GetType(MyWebService), New Uri("http://0.0.0.0/"))

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.IdentityModel;
using System.IdentityModel.Selectors;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.ServiceModel.Security;
using System.ServiceModel.Description;

namespace StackOverflow
{
    public class AuthenticatedWebServiceHost : WebServiceHost
    {
        public AuthenticatedWebServiceHost(Type type, Uri url)
        {
            IDictionary<string, ContractDescription> desc = null;
            base.InitializeDescription(type, new UriSchemeKeyedCollection());
            base.CreateDescription(out desc);
            var val = desc.Values.First();

            WebHttpBinding binding = new WebHttpBinding();
            binding.Security.Mode = WebHttpSecurityMode.TransportCredentialOnly;
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;

            base.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
            base.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new CustomUserNamePasswordValidator();

            base.AddServiceEndpoint(val.ContractType, binding, url);
        }

        //Possible next question:
        //"How can I get the name of the authenticated user?"
        public static string UserName
        {
            get
            {
                if (OperationContext.Current == null) return null;
                if (OperationContext.Current.ServiceSecurityContext == null) return null;
                if (OperationContext.Current.ServiceSecurityContext.PrimaryIdentity == null) return null;
                return OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name;
            }
        }



        public class CustomUserNamePasswordValidator : UserNamePasswordValidator
        {
            public override void Validate(string userName, string password)
            {
                //Your logic to validate username/password
                if (userName != password)
                    throw new SecurityAccessDeniedException();
            }
        }
    }
}