如何以编程方式使用集成的Windows身份验证? [英] How to programmatically use integrated windows authentication ?
本文介绍了如何以编程方式使用集成的Windows身份验证?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个3层的Windows应用程序.单击此链接: http://support.microsoft.com/kb/810572
1-我已配置IIS使用``集成Windows身份验证'',
2-将Web服务的web.config配置为``身份验证模式= Windows,模拟= true''.
3-然后,我已经配置了活动目录,以允许信任应用服务器计算机进行委派.
不需要步骤3的客户端代码中需要进行哪些更改?
I have a 3-tiered windows application. Following this link : http://support.microsoft.com/kb/810572
1 - I have configured IIS to use 'integrated windows authentication',
2 - configured web.config of the web service to 'authentication mode = windows, impersonate = true'.
3 - I have then configured the active directory to allow application server computer to be trusted for delegation.
What are the changes needed in the client code which do not require step 3 ?
推荐答案
IIS和后端服务器之间的机器跃点,并且您希望工作进程使用客户端的标识,那么您必须执行步骤三,这是成功委派的必要条件.如果没有第二跳,则没有必要执行第三步.
为使委派工作,客户端还必须指定委派模拟级别.如果您在客户端使用WWSAPI(如本论坛中的帖子所暗示),那么您将很不走运,因为当您进行HTTP协商标头身份验证时,WWSAPI客户端无法将委托指定为模拟级别.在Windows 7版本中,WWSAPI客户端始终使用模拟作为模拟级别. WCF客户端确实允许您将委派设置为模拟级别.有关WCF和WWSAPI在标头身份验证中的详细比较,请参阅我的博客文章:
Hi,
If there is a machine hop between IIS and the backend server and you want the worker process to use the client's identity, then you have to do step three, which is required for successful delegation. If there is no second hop, then step three is not necessary.
For delegation to work, the client must also specify delegation impersonation level. If you are using WWSAPI on the client side (as implied by your post in this forum), you are out of luck as there is no way for the WWSAPI client to specify delegation as the impersonation level when you are doing HTTP Negotiate header authentication. In the Windows 7 release, WWSAPI client always uses impersonation as the impersonation level. WCF client does allow you to set delegation as the impersonation level. For detailed comparison of WCF and WWSAPI in header authentication, please refer to my blog post: http://blogs.msdn.com/haoxu/archive/2009/03/13/wwsapi-to-wcf-interop-7-http-header-authentication-part-1.aspx.
Hope this helps,
Hao
这篇关于如何以编程方式使用集成的Windows身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
