将 FormsAuthentication cookie 传递给 WCF 服务 [英] Passing FormsAuthentication cookie to a WCF service
问题描述
我有一个与远程 WCF Web 服务通信的网站.两者都使用相同的自定义 FormsAuthentication Provider.我想使用 WCF 服务来模拟当前登录站点的用户进行身份验证.我已经使用 UserName 客户端凭据手动执行此操作,但我需要知道用户密码.所以,到目前为止有效的是:经过身份验证的用户发出请求,我创建一个服务客户端并设置他的凭据:
I have a website that talks to a remote WCF web service. Both use the same custom FormsAuthentication Provider. I would like to authenticate with the WCF service impersonating the user currently logged in the site. I already did this manually, using UserName client credentials but I need to know the user password. So, what works so fart is this: an authenticated user makes a request, I create a Service Client and set his credentials:
serviceClient.ClientCredentials.UserName.UserName = username;
serviceClient.ClientCredentials.UserName.Password = password;
但我真正想要的是直接传递 FormsAuthentication cookie,因为我不想存储用户密码.
But what I really want is to pass the FormsAuthentication cookie directly, because I don't want to store the user password.
有什么想法吗?
推荐答案
听起来您正在寻找 Windows Communication Foundation 身份验证服务.
在更仔细地重新阅读问题之后(以及在 Ariel 的评论之后),我想撤回上述建议.WCF 身份验证服务不会为这种情况增加太多.
After re-reading the question more carefully (and after Ariel's comment) I'd like to retract the above suggestion. The WCF Authentication Service won't add much to this scenario.
我没有在 WCF 和 ASP.NET 之间这样做过,但是我已经将 ASP.NET 应用程序配置为共享表单验证用户,也许我可以提供一些帮助.
I haven't done this between WCF and ASP.NET, however I have configured ASP.NET applications to share forms authenticated users, perhaps I can help in some way.
要确保两个应用程序都可以以相同的方式加密/解密表单身份验证 cookie,您应该为两个应用程序配置 validation、validationKey、decryption 和 decryptionKey 属性.
To ensure that both applications can encrypt/decrypt the forms authentication cookie in the same way you should configure the <machineKey> element for both applications (in web.config or machine.config depending on whether you want to do this at the machine or application level). You should look at the validation, validationKey, decryption and decryptionKey attributes.
确保两个 web.config 文件中的 name、path 和 domain 属性.
Ensure that your <forms> elements in both web.config files are configured similarly. Specifically the name, path and domain attributes.
这很可能仅适用于传入/传出网络浏览器的 cookie(但在这种情况下可能有用):允许 cookie 在网站之间传递 www.foo.com 和bar.foo.com 您可以按如下方式配置 forms 元素,以允许在一个站点上设置 cookie 并成功传递到另一个站点:
It's likely that this only applies to cookies passed to/from a web browser (but may be useful in this case): To allow cookies to be passed between the websites www.foo.com and bar.foo.com you would configure the forms element as follows to allow cookies to be set on one site and successfully passed to the other:
<forms ... domain=".foo.com" ... />
将 cookie 传递给 WCF 服务可能是一个棘手的问题.我对 WCF 不是很熟悉,所以 我改编了 kennyw.com 的代码::>
Passing the cookie to the WCF service is likely to be the tricky bit. I'm not very experienced with WCF, so I've adapted code from kennyw.com:
HttpRequestMessageProperty httpRequestProperty = new HttpRequestMessageProperty();
httpRequestProperty.Headers.Add(HttpRequestHeader.Cookie, "<Forms Authentication Cookie>");
using (OperationContextScope scope = new OperationContextScope(serviceClient.InnerChannel))
{
OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = httpRequestProperty;
serviceClient.MethodName();
}
如果您在 IIS 中托管 WCF(而不是自托管),您可以通过设置
If you're hosting WCF within IIS (and not self-hosting) you can pass the WCF request through the ASP.NET processing pipeline by setting
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" ... />
</system.serviceModel>
如果您是自托管,您可以使用 OperationContext.Current.IncomingMessageProperties 中传入消息的属性检查请求标头,并获取表单身份验证 cookie 值并使用 FormsAuthentication.Decrypt(string).
If you're self hosting you could examine the request headers using the incoming message's properties in OperationContext.Current.IncomingMessageProperties and get the forms authentication cookie value and decrypt it using FormsAuthentication.Decrypt(string).
我不知道这些是否可行,但很想知道是否可行!
I have no idea whether any of this would work, but would love to hear if it does!
这篇关于将 FormsAuthentication cookie 传递给 WCF 服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
