Authentication via WCF


Problem description



Hi,
I have an ASP.NET application which retrieves/posts data via a WCF service. I also need to implement some kind of user authentication for using a few methods (services) in WCF.svc.cs. For this

Client web.config:

<pre lang="xml"><binding name="WSHttpBinding_IBlackboardServices" closeTimeout="00:01:00"
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
     bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
     maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
     textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
     <reliableSession ordered="true" inactivityTimeout="00:10:00"
      enabled="false" />
     <security mode="Message">
       <transport clientCredentialType="Basic" proxyCredentialType="Basic"
        realm=""/>
      <message clientCredentialType="UserName" establishSecurityContext="false" algorithmSuite="TripleDes"/>
     </security>
    </binding></pre>



The WCF Web.config is:

<pre lang="xml"><service behaviorConfiguration="FrontendServices.BlackboardServicesBehavior"
    name="FrontendServices.BlackboardServices">
    <endpoint address="" binding="wsHttpBinding" contract="FrontendServices.IBlackboardServices">
     <identity>
      <dns value="localhost" />
     </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
   </service></pre>




In BlackboardServices.svc.cs the method is:

<pre lang="cs">[PrincipalPermission(SecurityAction.Demand, Role = "somerole")]
        public string DoWork()
        {
            return "work done";
        }</pre>




But I am getting the following error when I call the method:

The token provider cannot get tokens for target 'http://wolf/InsourcesServices/BlackboardServices.svc'.

Recommended answer

As you haven't provided what type of authentication you want... you can use the following example.

First you will need an Active Directory User and Group, and then assign that User to that Group.

After that just change your code as follows...

-------------------

nahid477 wrote:

In BlackboardServices.svc.cs the method is:

<pre lang="cs">[PrincipalPermission(SecurityAction.Demand, Role = "somerole")]
public string DoWork()
{
    return "work done";
}</pre>




Instead of this, use:

<pre lang="cs">[PrincipalPermission(SecurityAction.Demand, Role = "'your active directory domain'\\active directory group that you just created")]
public string DoWork()
{
    return "work done";
}</pre>




This will check whether the calling user is a member of this Active Directory group or not (so you will get both authentication and authorization here).

---------------

nahid477 wrote:

The WCF Web.config is:

<pre lang="xml"><service behaviorConfiguration="FrontendServices.BlackboardServicesBehavior"
    name="FrontendServices.BlackboardServices">
    <endpoint address="" binding="wsHttpBinding" contract="FrontendServices.IBlackboardServices">
     <identity>
      <dns value="localhost" />
     </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
   </service></pre>



Now here in the <identity> section, use:

<pre lang="xml"><servicePrincipalName value="HOST/your web server name"/></pre>



This will be used by IIS to authenticate the user against Active Directory. (It has to be a server; you cannot do this from your local computer without setting an SPN (use the 'setspn' command) on your local machine.)

-----------

nahid477 wrote:

Client web.config:

<pre lang="xml"><binding name="WSHttpBinding_IBlackboardServices" closeTimeout="00:01:00"
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
     bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
     maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
     textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
     <reliableSession ordered="true" inactivityTimeout="00:10:00"
      enabled="false" />
     <security mode="Message">
       <transport clientCredentialType="Basic" proxyCredentialType="Basic"
        realm=""/>
      <message clientCredentialType="UserName" establishSecurityContext="false" algorithmSuite="TripleDes"/>
     </security>
    </binding></pre>



Here you need to configure your Windows authentication...

<pre lang="xml"><security mode="Message">
  <transport realm="" />
  <message clientCredentialType="Windows" negotiateServiceCredential="true"
    algorithmSuite="Default" establishSecurityContext="true" />
</security></pre>





------------

And at last, before calling your web service, you need to pass the user credentials that you created in the first step.

i.e.


<pre lang="cs">YourwcfClient.ClientCredentials.Windows.ClientCredential.Domain = "your active directory domain";
YourwcfClient.ClientCredentials.Windows.ClientCredential.UserName = "that user name you have created in step 1";
YourwcfClient.ClientCredentials.Windows.ClientCredential.Password = "valid password for that user";

// now call your method here
// i.e. YourwcfClient.DoWork();</pre>


Now only users who are in that Active Directory group can call this web service.

Huh... I hope this will help... :)
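The group check that the answer expresses declaratively with `PrincipalPermission` can also be written imperatively inside the service, which lets the service record who was denied before it refuses the call. This is an added example, not code from the original question or answer; it assumes a .NET Framework service with Windows message credentials configured as described above, and the group name `EXAMPLEDOMAIN\BlackboardCallers` and the helper `DemandGroup` are constructed for illustration.

```csharp
using System.Diagnostics;
using System.Security;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IBlackboardServices
{
    [OperationContract]
    string DoWork();
}

public class BlackboardServices : IBlackboardServices
{
    // Constructed placeholder: replace with the real domain and group name.
    private const string RequiredGroup = @"EXAMPLEDOMAIN\BlackboardCallers";

    public string DoWork()
    {
        DemandGroup(RequiredGroup, "DoWork");
        return "work done";
    }

    // Hypothetical helper: performs the same group-membership test as
    // [PrincipalPermission(SecurityAction.Demand, Role = ...)] and writes a
    // trace entry for every refusal so denied calls show up in the logs.
    private static void DemandGroup(string group, string operation)
    {
        // Null when the binding carries no security at all.
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        WindowsIdentity caller = ctx == null ? null : ctx.WindowsIdentity;

        // A caller that did not authenticate with Windows credentials is
        // represented by an anonymous, unauthenticated WindowsIdentity.
        if (caller == null || !caller.IsAuthenticated)
        {
            Trace.TraceWarning("{0}: denied, caller presented no Windows identity", operation);
            throw new SecurityException("Access is denied.");
        }

        if (!new WindowsPrincipal(caller).IsInRole(group))
        {
            Trace.TraceWarning("{0}: denied, {1} is not a member of {2}",
                               operation, caller.Name, group);
            // Same exception type that a failed PrincipalPermission demand raises.
            throw new SecurityException("Access is denied.");
        }
    }
}
```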

