WCF，MSMQ和声明性权限(PrincipalPermission) [英] WCF, MSMQ, and Declarative permissions (PrincipalPermission)

问题描述

我有一个WCF MSMQ服务，我正在尝试使用其声明性权限.我可以在本地和远程发送消息，但是每当添加声明性权限时，我都会收到以下错误消息.

I have a WCF MSMQ service that I'm trying to get declarative permissions working with.  I'm able to send messages locally and remotely, but whenever I add the declarative permissions I'm getting the below error.

System.Security.SecurityException-请求主体权限失败."

System.Security.SecurityException - "Request for principal permission failed."

ServiceSecurityContext.Current.PrimaryIdentity用正确的Identity填写.对于ServiceSecurityContext.Current.WindowsIdentity，IsAnonymous值为true.

The ServiceSecurityContext.Current.PrimaryIdentity is filled out with the correct Identity.  For for the ServiceSecurityContext.Current.WindowsIdentity the IsAnonymous value is true.

我为我的服务创建了一个NetTCP端点，它很好地传递了用户身份.换句话说，我没有安全异常，我的代码也可以正常执行.

I created a NetTCP endpoint for my service and it passes along the users identity just fine.  In other words, I don't get a security exception and my code execute just fine.

有什么想法吗?

推荐答案

没有您的代码，我不知道您是如何添加PrincipalPermission的.然后，请尝试检查以下内容，看看您做错了什么.

Without your code, I do not know how did you add the PrincipalPermission. Then please try to check the following to see if you have done something wrong.

在WCF中，可以使用WCF操作或任何业务组件中的命令权限来完成此操作.只需创建PrincipalPermission对象，初始化要强制执行的值，然后发出Demand().

In WCF this can be done with an imperative permission demand within the WCF operation or any business component. Just create a PrincipalPermission object, initialize the values you want to enforce, and issue the Demand().

public string AdminsOnly()
{
  // unprotected code
    
  PrincipalPermission p = new
PrincipalPermission(null, "Administrators");
  p.Demand();
  
  // protected code
}

在此示例中，如果用户不在Administrators组中，则将引发异常.

In this example, an exception will be thrown if the user is not in the Administrators group.

您还可以放置声明性的 PrincipalPermissionAttribute 在任何WCF操作或业务组件方法上，以在调用该操作或方法之前应用需求:

You can also place a declarative PrincipalPermissionAttribute on any WCF operation or business component method to apply the demand before the operation or method is invoked:

[PrincipalPermission(SecurityAction.Demand, Role =
"Administrators")]
public string AdminsOnly()
{
  // protected code
}

这种方法是可取的，因为它使安全要求与操作中的实际代码脱钩.

This approach is preferable since it decouples the security requirements from the actual code within the operation.

我也不确定您使用的是哪种安全模式，请尝试查看以下文章:
#使用传输安全性在MSMQ中保护邮件的安全性:
http://msdn.microsoft.com/en-us/library/ms789030 (v = vs.110).aspx .

Also I am not sure which security mode you are using, then please try to check the following articles:
#Securing Messages in MSMQ Using Transport Security:
http://msdn.microsoft.com/en-us/library/ms789030(v=vs.110).aspx .

#在MSMQ中保护消息的安全性:使用消息安全性:
http://msdn.microsoft.com/en-us/library/ms789036 (v = vs.110).aspx .

#Securing Messages in MSMQ Using Message Security:
http://msdn.microsoft.com/en-us/library/ms789036(v=vs.110).aspx .

最好的问候，
彭爱美

Best Regards,
Amy Peng

这篇关于WCF，MSMQ和声明性权限(PrincipalPermission)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！