WCF 服务模拟 [英] WCF Service Impersonation
问题描述
大家好...
显然,我没有为我的 WCF 服务正确设置模拟.我不想逐个方法地设置安全性(在实际的代码隐藏中).该服务(目前)是开放的,可供内网上的所有人调用.
所以我的问题是……
问:我缺少哪些网络配置标签?
问:我需要在 web-config 中更改什么才能使模拟工作?
服务 Web.config 看起来像...
<预><代码><配置><system.web><授权><allow users="?"/></授权><身份验证模式=Windows"/><identity impersonate="true" userName="MyDomain\MyUser" password="MyPassword"/></system.web><system.serviceModel><服务><service behaviorConfiguration="wcfFISH.DataServiceBehavior" name="wcfFISH.DataService"><端点地址="" binding="wsHttpBinding" contract="wcfFISH.IFishData"><身份><dns value="localhost"/></身份></端点><endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/></服务></服务><行为><服务行为><行为名称="wcfFISH.DataServiceBehavior"><serviceMetadata httpGetEnabled="false"/><serviceDebug includeExceptionDetailInFaults="false"/></行为></serviceBehaviors></行为></system.serviceModel></配置>如果你总是想模拟客户端,对于所有操作,那么在
<小时>
如果您尝试在应用程序级别进行模拟,那么您通常无法在 WCF 中执行此操作,因为 WCF 并不是 ASP.NET 管道的真正组成部分.
最简单的解决方法是将 WCF 应用程序放入其自己的应用程序池中,并将池的进程标识设置为您要模拟的用户.
另一种方式是开启ASP.NET兼容模式,在
有时您还需要使用以下内容来装饰您的服务:
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]但请记住,这将限制您利用许多其他较新的 WCF 功能(如 MSMQ 或 TCP 绑定)的能力.我更喜欢隔离的应用程序池方法.
Good Day Everyone...
Apparently, I'm not setting-up impersonation correctly for my WCF service. I do NOT want to set security on a method-by-method basis (in the actual code-behind). The service (at the moment) is open to be called by everyone on the intranet.
So my questions are…
Q: What web-config tags am I missing?
Q: What do I need to change in the web-config to make impersonation work?
The Service Web.config Looks Like...
<configuration>
<system.web>
<authorization>
<allow users="?"/>
</authorization>
<authentication mode="Windows"/>
<identity impersonate="true" userName="MyDomain\MyUser" password="MyPassword"/>
</system.web>
<system.serviceModel>
<services>
<service behaviorConfiguration="wcfFISH.DataServiceBehavior" name="wcfFISH.DataService">
<endpoint address="" binding="wsHttpBinding" contract="wcfFISH.IFishData">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="wcfFISH.DataServiceBehavior">
<serviceMetadata httpGetEnabled="false"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
If you always want to impersonate the client, for all operations, then add the following to the <behavior> element, i.e. after the <serviceMetadata> element:
<serviceAuthorization impersonateCallerForAllOperations="true" />
If you're trying to impersonate at the application level, then you normally can't do this in WCF, since WCF isn't really part of the ASP.NET pipeline.
The easiest workaround is just to put the WCF application in its own Application Pool and set the process identity of the pool to the user you want to impersonate.
The other way is turn on ASP.NET compatibility mode, adding this to <system.servicemodel>:
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
You also sometimes need to decorate your service with:
[AspNetCompatibilityRequirements(
RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
But keep in mind that this is going to limit your ability to take advantage of a lot of other newer WCF features like MSMQ or TCP bindings. I prefer the segregated app pool approach.
这篇关于WCF 服务模拟的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
