WCF,Active Directory身份验证|在SQL组合授权和用户配置文件 [英] WCF, active directory authentication|authorization and user profiles in sql combination
问题描述
我正在开发将托管应用程序的业务逻辑的WCF服务。该应用程序主要是为企业内部网,但可以从互联网进行访问。我们有一个Active Directory域和运行,所以打算验证,并根据他们的用户名和团体,他们都在这个服务将被用于主要是一个ASP.NET MVC的网站用户进行授权
I'm developing a WCF service that will host business logic of the application. The application is mostly for intranet, but can be accessed from internet. We have an active directory domain up and running, so I plan to authenticate and authorize users according to their username and groups they are in. This service will be used mostly be an ASP.NET MVC site
所以,第一个问题是如何根据他们的AD个人资料进行身份验证和授权用户?
So, first question is how to authenticate and authorize users based on their AD profile?
其次,我需要存储有关每个用户的其他信息。问题是,我不能修改AD方案。添加的字段的数量为约10左右。
Secondly, I need to store additional info about each user. The problem is that I can't modify AD scheme. The number of added fields is about 10 or so.
我可以以某种方式使用SQL服务器进行文件存储?当然,我可以,但如何与AD权威性配合呢?
Can I somehow use SQL server for profile storage? Of course I can, but how to tie this with AD auth?
推荐答案
您可以使用WIF这一点。
You can use WIF for this.
您会配置WIF的WCF服务以正常的方式,然后使用自定义的 ClaimsAuthenticationManager 类从基地派生 ClaimsAuthenticationManager 并覆盖其验证方法。这是WIF的正常可扩展性点。 WIF会
掌握安全令牌的从传入的请求,并为每个相关的AD属性添加的权利要求。在您的身份验证方法的覆盖,将添加新的要求重新present你额外的属性。
You would configure your WCF service for WIF in the normal way and then use a custom ClaimsAuthenticationManager class deriving from the base ClaimsAuthenticationManager and overriding its Authenticate method. This is a normal extensibility point of WIF. WIF will
get hold of the security token from the incoming request and add claims for each of the relevant AD properties. In your override of the Authenticate method, you will add new claims to represent your extra properties.
基本使用WIF的WCF服务的描述如下:
The basic use of WIF for WCF services is described here:
http://msdn.microsoft.com/en-us/library/ ee748476.aspx
要了解如何使用ClaimsAuthenticationManager,从这里开始:
To see how to use ClaimsAuthenticationManager, start here:
http://msdn.microsoft.com/en-us/library/ ee748211.aspx
这篇关于WCF,Active Directory身份验证|在SQL组合授权和用户配置文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
