ASP.NET website -> WCF service -> WCF service, with impersonation all the way?
Problem description
In short my scenario is like so:
- The user triggers an action in the web browser, which causes an Ajax call to a web service in the web server (server A).
- The web server issues a call to a WCF service, hosted in IIS (server B)
- The WCF service issues a call to another WCF service, hosted in IIS (server C)
All web sites are exposed over http, not https.
Now, server C needs to know who the user is in the other end. I got it working so far so that the WCF service call to server B is performed under impersonation, so server B has a WindowsIdentity object representing the user. However, when I try to invoke the service call from server B to server C under impersonation, I get the following back:
System.ComponentModel.Win32Exception: No credentials are available in the security package
Server stack trace:
at System.IdentityModel.SspiWrapper.AcquireCredentialsHandle(String package, CredentialUse intent, AuthIdentityEx& authdata)
at System.ServiceModel.Security.SecurityUtils.GetCredentialsHandle(String package, NetworkCredential credential, Boolean isServer, String[] additionalPackages)
at System.ServiceModel.Security.SpnegoTokenProvider.OnOpening()
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpening()
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(SecurityTokenProvider tokenProvider, TimeSpan timeout)
at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Tweaking service binding feels to me like walking on ice so thin that I am almost walking on water, so let's disregard what I have failed with so far, and start with a clean sheet.
How should I configure the services to play nicely with each other (and me)?
Recommended answer
According to Microsoft, you need to use something called "Delegation", which if I understand correctly, is specifying that Server C trusts Server B to properly authenticate the user from Server A.
Without Delegation, your service on Server B can only access local resources as the impersonated user from Server A.
From the horse's mouth: http://msdn.microsoft.com/en-us/library/cc949014.aspx
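An added example (not from the original post or the linked MSDN article) of where the delegation setting goes in code: the caller on server A permits delegation on its channel to server B, and server B's operation impersonates the caller while calling server C. The contract names, addresses and the WSHttpBinding with Windows message credentials are assumptions; the Active Directory setting that trusts server B's service account for delegation is also required and is not shown.

```csharp
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical contracts for the services on servers B and C.
[ServiceContract] public interface IServiceB { [OperationContract] string CallDownstream(); }
[ServiceContract] public interface IServiceC { [OperationContract] string WhoAmI(); }

public static class Channels
{
    // Assumed binding: message security with Windows credentials over plain http.
    public static ChannelFactory<T> Create<T>(string url, TokenImpersonationLevel level)
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        var factory = new ChannelFactory<T>(binding, new EndpointAddress(url));
        // How far the called service may carry the caller's identity.
        factory.Credentials.Windows.AllowedImpersonationLevel = level;
        return factory;
    }

    // Runs on server A in the user's context: Delegation lets B act as the user toward C.
    public static string CallServerB()
    {
        var factory = Create<IServiceB>("http://serverb.example.local/ServiceB.svc", // placeholder URL
                                        TokenImpersonationLevel.Delegation);
        try { string r = factory.CreateChannel().CallDownstream(); factory.Close(); return r; }
        catch { factory.Abort(); throw; }
    }
}

// Runs on server B.
public class ServiceB : IServiceB
{
    // The method body executes as the caller, so the outgoing call carries the user's identity.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string CallDownstream()
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        // C only needs to know who the user is, so it is granted Identification only.
        var factory = Channels.Create<IServiceC>("http://serverc.example.local/ServiceC.svc", // placeholder URL
                                                 TokenImpersonationLevel.Identification);
        try
        {
            string seenByC = factory.CreateChannel().WhoAmI();
            factory.Close();
            // Returned for troubleshooting: who B saw, at what level, and who C saw.
            return caller.Name + " (" + caller.ImpersonationLevel + " on B) -> " + seenByC;
        }
        catch { factory.Abort(); throw; }
    }
}
```

Where the domain supports it, constrained delegation limited to server C's service principal name keeps server B from acting as the user toward any other service.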