通过WCF在工作组计算机上进行模拟 [英] Impersonation over WCF on Workgroup machines
问题描述
我们有一个在IIS中运行的asp.net Web应用程序,它是远程计算机上Windows服务的WCF客户端,该应用程序也以本地用户身份运行.客户端可以工作,但是我无法在Windows服务上模拟用户.身份是帐户
服务以运行方式运行,而不是以浏览器上的用户身份运行.两台计算机上的所有用户名和密码都相同.
我了解双跳问题,并且可以在两台域计算机上完成此操作(并且按预期工作),但是我有在工作组计算机上执行此操作的要求.在这种情况下,能否以某种方式让服务模仿最终用户?
这是客户端配置
< system.serviceModel>
< bindings>
< netTcpBinding>
< binding name =" netTcpBinding_ViewServices">
< readerQuotas maxDepth ="32" maxStringContentLength ="500000" maxArrayLength ="100000000" maxBytesPerRead ="4096". maxNameTableCharCount ="16384"; />
< reliableSessionordered ="true"; inactivityTimeout ="00:10:00"; enabled ="false" />
<安全模式=运输">
< transport clientCredentialType ="Windows"; />
< message clientCredentialType ="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
< client>
<端点地址="net.tcp://webserver2:1223/sample/view"; binding ="netTcpBinding"; bindingConfiguration ="netTcpBinding_ViewServices"; contract ="SharedLibrary.ISampleViewServices"
name ="netTcpBinding_ViewServices"
</endpoint>
</client>
</system.serviceModel>
We have a asp.net web application running in IIS that is a WCF client to a windows service on a remote machine, also running as a local user. The client works, but I am unable to impersonate the user on the windows service. The identity is the account the
service is running as, not the user on the browser. All usernames and password are the same on both machines.
I understand the double hop problem, and I can accomplish this on two domain machines (and works as expected), but I have a requirement to do this on workgroup machines. Is it possible somehow to have the service impersonate the end user in this situation?
Here is the client configuration
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="netTcpBinding_ViewServices">
<readerQuotas maxDepth="32" maxStringContentLength="500000" maxArrayLength="100000000" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" />
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://webserver2:1223/sample/view" binding="netTcpBinding" bindingConfiguration="netTcpBinding_ViewServices" contract="SharedLibrary.ISampleViewServices"
name="netTcpBinding_ViewServices">
</endpoint>
</client>
</system.serviceModel>
这是服务配置
< system.serviceModel>
< bindings>
< netTcpBinding>
< binding name =" netTcpBinding_ViewServices" maxReceivedMessageSize ="500000">
<安全模式=运输">
< transport clientCredentialType ="Windows" />
< message clientCredentialType ="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<服务>
< service behaviorConfiguration =默认" name =" SampleService.Channels.Core">
<端点behaviorConfiguration =" ViewServicesBehavior"地址=查看" bindingConfiguration ="netTcpBinding_ViewServices"; binding ="netTcpBinding"; contract ="SharedLibrary.ISampleViewServices"
bindingNamespace =" http://www.example.com" >
</endpoint>
< host>
< baseAddresses>
< add baseAddress ="net.tcp://webserver2:1223/sample/" />
</baseAddresses>
</host>
</service>
</services>
<行为>
< serviceBehaviors>
<行为名称=默认">
< serviceMetadata httpGetEnabled ="true"; />
< serviceDebug includeExceptionDetailInFaults ="true"; />
</行为>
</serviceBehaviors>
< endpointBehaviors>
<行为名称=" ViewServicesBehavior">
< dataContractSerializer maxItemsInObjectGraph ="2147483647"; />
</行为>
</endpointBehaviors>
</行为>
< client></client>
</system.serviceModel>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="netTcpBinding_ViewServices" maxReceivedMessageSize="500000">
<security mode="Transport">
<transport clientCredentialType="Windows" />
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<services>
<service behaviorConfiguration="default" name="SampleService.Channels.Core">
<endpoint behaviorConfiguration="ViewServicesBehavior" address="view" bindingConfiguration="netTcpBinding_ViewServices" binding="netTcpBinding" contract="SharedLibrary.ISampleViewServices"
bindingNamespace="http://www.example.com" >
</endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://webserver2:1223/sample/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="default">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="ViewServicesBehavior">
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</endpointBehaviors>
</behaviors>
<client></client>
</system.serviceModel>
预先感谢.
推荐答案
嗨steinj1945,
Hi steinj1945,
说实话,我没有找到任何文件可以告诉我们WorkGroup计算机是否支持模拟.所有文档均用于描述域"下的模拟.
To be honesty, I did not find any document which could tell us whether Impersonation is supported or not in WorkGroup machines. All the documents are used to describe Impersonation under Domain.
我建议您进行测试以帮助确定是否受支持.
I suggest you make a test to help to decide whether it is supported.
对于Windows安全性,工作组下支持该功能,我建议您使用不带模拟功能的Windows安全性进行测试,是否可以使用?
For windows security, it is supported under workgroup, I suggest you make a test with windows security without Impersonation, will it work?
如果它与Windows安全性兼容,但在启用模拟"时失败.我认为它不受支持.
If it works with windows security, but failed when enable Impersonation. I assume it is not supported.
这篇关于通过WCF在工作组计算机上进行模拟的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
