WCF, MSMQ, and Declarative permissions (PrincipalPermission)
Problem description
I have a WCF MSMQ service that I'm trying to get declarative permissions working with. I'm able to send messages locally and remotely, but whenever I add the declarative permissions I'm getting the below error.
System.Security.SecurityException - "Request for principal permission failed."
The ServiceSecurityContext.Current.PrimaryIdentity is filled out with the correct Identity. For the ServiceSecurityContext.Current.WindowsIdentity the IsAnonymous value is true.
I created a NetTCP endpoint for my service and it passes along the user's identity just fine. In other words, I don't get a security exception and my code executes just fine.
Any ideas?
Recommended answer
Without your code, I do not know how you added the PrincipalPermission. Then please try to check the following to see if you have done something wrong.
In WCF this can be done with an imperative permission demand within the WCF operation or any business component. Just create a PrincipalPermission object, initialize the values you want to enforce, and issue the Demand().
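    // requires: using System.Security.Permissions;
    public string AdminsOnly()
    {
        // unprotected code
        PrincipalPermission p = new PrincipalPermission(null, "Administrators");
        p.Demand(); // throws SecurityException if the demand fails
        // protected code
        return string.Empty; // placeholder result so the method compiles
    }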
In this example, an exception will be thrown if the user is not in the Administrators group.
You can also place a declarative PrincipalPermissionAttribute on any WCF operation or business component method to apply the demand before the operation or method is invoked:
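    // requires: using System.Security.Permissions;
    [PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]
    public string AdminsOnly()
    {
        // protected code
        return string.Empty; // placeholder result so the method compiles
    }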
This approach is preferable since it decouples the security requirements from the actual code within the operation.
Also, I am not sure which security mode you are using, so please try to check the following articles:
#Securing Messages in MSMQ Using Transport Security:
http://msdn.microsoft.com/en-us/library/ms789030(v=vs.110).aspx .
#Securing Messages in MSMQ Using Message Security:
http://msdn.microsoft.com/en-us/library/ms789036(v=vs.110).aspx .
Best Regards,
Amy Peng
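
A PrincipalPermission demand is evaluated against Thread.CurrentPrincipal, so the outcome depends on which principal is attached to the thread when the operation runs. The following is an added example, not part of the original question or answer: a .NET Framework console program that runs the answer's Administrators demand under three constructed GenericPrincipal objects. The RunAs helper, the user names and the role lists are hypothetical sample values.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Added example; assumes a full-trust .NET Framework console application.
static class PrincipalPermissionDemo
{
    // Same demand as the answer's AdminsOnly(), in imperative form.
    static string AdminsOnly()
    {
        new PrincipalPermission(null, "Administrators").Demand();
        return "protected code ran";
    }

    // Hypothetical helper: runs AdminsOnly() under the given principal,
    // reports the outcome and restores the previous principal afterwards.
    static string RunAs(string label, IPrincipal principal)
    {
        IPrincipal previous = Thread.CurrentPrincipal;
        Thread.CurrentPrincipal = principal;
        try
        {
            return label + ": " + AdminsOnly();
        }
        catch (SecurityException ex)
        {
            return label + ": SecurityException - " + ex.Message;
        }
        finally
        {
            Thread.CurrentPrincipal = previous;
        }
    }

    static void Main()
    {
        // Constructed principals (sample values, not taken from the thread).
        // An empty name makes GenericIdentity.IsAuthenticated false, which
        // stands in here for an anonymous identity.
        var anonymous = new GenericPrincipal(new GenericIdentity(""), new string[0]);
        var user = new GenericPrincipal(new GenericIdentity("CONTOSO\\alice"), new[] { "Users" });
        var admin = new GenericPrincipal(new GenericIdentity("CONTOSO\\bob"), new[] { "Administrators" });

        Console.WriteLine(RunAs("anonymous", anonymous)); // demand fails
        Console.WriteLine(RunAs("user", user));           // demand fails
        Console.WriteLine(RunAs("admin", admin));         // demand succeeds
    }
}
```

Inside a WCF operation, writing out Thread.CurrentPrincipal.Identity next to ServiceSecurityContext.Current.PrimaryIdentity before the demand shows which identity the check is actually applied to.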