Authentication via WCF
Problem description
Hi,
I have an ASP.NET application which retrieves/posts data via a WCF service. I also need to implement some kind of UserAuthentication for using a few methods (services) in WCF.svc.cs. For this
Client web.config:
<pre lang="xml"><binding name="WSHttpBinding_IBlackboardServices" closeTimeout="00:01:00"
    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
    maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
    textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
  <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
  <reliableSession ordered="true" inactivityTimeout="00:10:00"
      enabled="false" />
  <security mode="Message">
    <transport clientCredentialType="Basic" proxyCredentialType="Basic"
        realm=""/>
    <message clientCredentialType="UserName" establishSecurityContext="false" algorithmSuite="TripleDes"/>
  </security>
</binding></pre>
The WCF Web.config is:
<pre lang="xml"><service behaviorConfiguration="FrontendServices.BlackboardServicesBehavior"
    name="FrontendServices.BlackboardServices">
  <endpoint address="" binding="wsHttpBinding" contract="FrontendServices.IBlackboardServices">
    <identity>
      <dns value="localhost" />
    </identity>
  </endpoint>
  <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service></pre>
In BlackboardServices.svc.cs the method is:
<pre lang="cs">[PrincipalPermission(SecurityAction.Demand, Role = "somerole")]
public string DoWork()
{
    return "work done";
}</pre>
But I am getting the following error when I call the method:
The token provider cannot get tokens for target 'http://wolf/InsourcesServices/BlackboardServices.svc'.
Recommended answer
As you haven't provided what type of authentication you want... You can use the following example.
First you will need an Active Directory User and Group, and then assign that User to that Group.
After that just change your code as follows...
-------------------
In BlackboardServices.svc.cs the method is:
<pre lang="cs">[PrincipalPermission(SecurityAction.Demand, Role = "somerole")]
public string DoWork()
{
    return "work done";
}</pre>
Instead of this use
<pre lang="cs">[PrincipalPermission(SecurityAction.Demand, Role = "'your active directory domain'\\active directory group that you just created")]
public string DoWork()
{
    return "work done";
}</pre>
This will check whether the caller user is a member of this Active Directory group or not (so you will get authentication and authorization both here).
---------------
The WCF Web.config is:
<pre lang="xml"><service behaviorConfiguration="FrontendServices.BlackboardServicesBehavior"
    name="FrontendServices.BlackboardServices">
  <endpoint address="" binding="wsHttpBinding" contract="FrontendServices.IBlackboardServices">
    <identity>
      <dns value="localhost" />
    </identity>
  </endpoint>
  <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service></pre>
Now here in the <identity> section, use
<pre lang="xml"><servicePrincipalName value="HOST/your web server name"/></pre>
This will be used by IIS to authenticate the user against Active Directory. (It has to be a server; you cannot do this from your local computer without setting an SPN (use the 'setspn' command) on your local machine.)
-----------
Client web.config:
<pre lang="xml"><binding name="WSHttpBinding_IBlackboardServices" closeTimeout="00:01:00"
    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
    maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
    textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
  <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
  <reliableSession ordered="true" inactivityTimeout="00:10:00"
      enabled="false" />
  <security mode="Message">
    <transport clientCredentialType="Basic" proxyCredentialType="Basic"
        realm=""/>
    <message clientCredentialType="UserName" establishSecurityContext="false" algorithmSuite="TripleDes"/>
  </security>
</binding></pre>
Here you need to configure your Windows authentication...
<pre lang="xml"><security mode="Message">
  <transport realm="" />
  <message clientCredentialType="Windows" negotiateServiceCredential="true"
      algorithmSuite="Default" establishSecurityContext="true" />
</security></pre>
------------
And at last, before calling your web service, you need to pass the user credentials that you created in the first step,
i.e.
<pre lang="cs">YourwcfClient.ClientCredentials.Windows.ClientCredential.Domain = "your active directory domain";
YourwcfClient.ClientCredentials.Windows.ClientCredential.UserName = "that user name you have created in step 1";
YourwcfClient.ClientCredentials.Windows.ClientCredential.Password = "valid password for that user";
// now call your method here
// i.e. YourwcfClient.DoWork();</pre>
Now only users who are in that Active Directory group can call this web service.
Huh... I hope this will help... :)
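The service-side counterpart of the client binding in the answer above, as an added example that is not part of the original answer. It pins the same Windows message-security settings on the service endpoint and states explicitly that `PrincipalPermission` role names are evaluated against Windows groups. The binding name `WindowsMessageSecurity` is an assumption; the service, contract and behavior names and the SPN placeholder are taken from the page.

```xml
<!-- Added example: service web.config fragment. "WindowsMessageSecurity" is an assumed name. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WindowsMessageSecurity">
        <!-- Must match the client binding, otherwise token negotiation fails -->
        <security mode="Message">
          <message clientCredentialType="Windows" negotiateServiceCredential="true"
                   algorithmSuite="Default" establishSecurityContext="true" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="FrontendServices.BlackboardServicesBehavior">
        <!-- Role = "DOMAIN\group" in PrincipalPermission is checked against Windows groups -->
        <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
        <!-- Required for the mex endpoint below -->
        <serviceMetadata httpGetEnabled="true" />
        <!-- Do not return stack traces to callers that fail the permission demand -->
        <serviceDebug includeExceptionDetailInFaults="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service behaviorConfiguration="FrontendServices.BlackboardServicesBehavior"
             name="FrontendServices.BlackboardServices">
      <endpoint address="" binding="wsHttpBinding"
                bindingConfiguration="WindowsMessageSecurity"
                contract="FrontendServices.IBlackboardServices">
        <identity>
          <!-- Placeholder from the answer; replace with the SPN registered for the host -->
          <servicePrincipalName value="HOST/your web server name" />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
  </services>
</system.serviceModel>
```

After changing the service binding, regenerate or update the client proxy configuration so both sides carry the same `security` element.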