针对ActiveDirectory用户的WCF服务身份验证/授权 [英] WCF service authentication/authorization against an ActiveDirectory user
问题描述
您好,我们想使用 Active Directory 作为用户存储库来进行身份验证和授权 在IIS中托管的WCF服务.
Hi, We want to use Active Directory as a User Store for the authentication and authorization of a WCF service hosted in IIS.
看来我们可以从Microsoft示例代码(#How:使用自定义用户名和密码验证器)开始并对其进行增强,以查找Active Directory用户并授权该用户执行基于以下内容的WCF方法:活动中定义的角色 目录.
It looks like we can start with the Microsoft sample code (#How to: Use a Custom User Name and Password Validator) and enhance it to look for an Active Directory user and Authorize that user to execute a WCF method based on the role defined in Active Directory.
我正在寻找Microsoft的示例代码,该代码可以对IIS中托管的WCF服务进行身份验证和授权.
I am looking for a sample code from Microsoft which can do authentication and authorization of a WCF service hosted in IIS.
我们有一些技术要求.
- 使用TransportWithMessageCredentials进行消息级身份验证的WCF服务.这样,我们可以从传输层和消息身份验证中获得性能优势
- 我基于Internet的应用程序应用程序.我们无法使用Windows身份验证,因为不能在多个组织之间共享用户名和密码凭据.那是 创建自定义用户名和密码身份验证的原因,其中凭据与其他组织共享,但只能调用WCF服务.
- WCF service with Message level authentication using TransportWithMessageCredentials. This way we get a performance benefit from the Transport layer and message authentication using username and password at the Message level.
- Internet-based application application. We can't use windows authentication because username and password credentials can't be shared across multiple organizations. That's the reason to create a custom username and password authentication where credentials are shared with other organization but it can only invoke the WCF service.
- User Store - Active Directory
- 当客户端调用WCF服务时,自定义用户名和密码用户存储在 Active Directory.
- 一旦身份验证成功, 授权的作用是,根据 Active Directory .
- When a client invokes the WCF service, custom username and password Validate method will be used for authentication. Authentication will be done against User store in the Active Directory.
- Once authentication is successful, Authorization will be done to allow/deny access to a user based on the role defined in the Active Directory.
Microsoft是否为此提供了示例代码?
谢谢
Jay Patel
Jay Patel
推荐答案
>>这就是创建自定义用户名和密码身份验证(与其他组织共享凭据的原因)的原因
>>That's the reason to create a custom username and password authentication where credentials are shared with other organization
您是否要在Active Directory中为其他组织用户创建用户名和密码?如果是这样,基本身份验证是否可以满足您的要求?通过针对Microsoft ActiveDirectory®使用用户名和密码对客户端进行身份验证 目录服务.如果是这样,则无需实施自定义用户名和密码验证,该验证由AD进行.但是,恐怕在您的Active Directory中为外部用户创建帐户是不合理的.
Do you mean you will create user name and password for other organization users in the Active Directory? If so, will Basic authentication meet your requirement? The client is authenticated by using the username and password against the Microsoft Active Directory® directory service. If so, there is no need to implement custom user name and password validation, it is validated by AD. But, I am afraid it is not reasonable to create accounts for external user in your Active Directory.
说实话,我建议使用SQL Server成员资格存储.安装SQL Server应该不是问题. SQL Server成员资格存储说服将在WCF中使用,并且说服管理用户.
To be honesty, I recommend to use SQL Server membership store. Installing SQL Server should not be an issue. SQL Server membership store is convince to be used in WCF and it is convince to manage the user.
对于身份验证,下面的链接可能对您有用.
For Authentication, the link below might be useful to you.
#Authentication
#Authentication
https://msdn.microsoft.com/en-us/library/ff647034.aspx #Authentication3
这篇关于针对ActiveDirectory用户的WCF服务身份验证/授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
