C#库冒充问题 [英] c# library impersonate problem

问题描述

我正在一个别人编码的网站上工作.该应用程序包含三层.网站，网络服务和图书馆. Web服务可以让其他应用程序调用方法和所有内容.员工可以使用该网站执行查询和所有操作.

I'm working on a website that has been coded by someone else. The application contains three layers. A website, a web service and a library. The Web service is up for other application to call methods and everything. The website is used by workers to performs queries and everything.

问题是:网站使用使用库的Web服务，而不是直接进入库.我想删除Web服务的使用并立即使用该库.不幸的是，当直接从网站调用该库时，该库无法连接外部服务器.

The problem is : The website use the web service that use the library instead of going directly to the library. I want to remove the web service usage and use the library straight away instead. Unfortunately, the library isn't able to connect an external server when called directly from the web site.

Web服务在其Web配置中使用了模拟方法，如下所示:

The web service used the impersonate method in his web config like so :

 <?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
  <compilation defaultLanguage="c#" debug="true" />
  <authorization>
    <allow users="*" />
  </authorization>
  <authentication mode="Windows" />
  <identity
  impersonate="true"
  userName="USERNAME_HERE"
  password="PASSWORD_HERE" />
  <sessionState
      mode="InProc"
      stateConnectionString="tcpip=10.96.8.37:42424"
      sqlConnectionString="data source=10.96.8.37;Trusted_Connection=yes"
      cookieless="false"
      timeout="20" />
</system.web>

当Web服务使用库时，库标识原来是在web.config中指定的用户名.但是当我直接从网站上调用它时，用户原来是:MY_COMPUTER \ ASPNET

When the web service use the library, the library identity turns out to be the username specified in the web.config. But when I call it from the website directly the user turns out to be : MY_COMPUTER\ASPNET

如何成功模拟图书馆本身?

谢谢！

编辑

好的，我想在网站的web.config中添加模拟代码.事实证明，该库使用了正确的用户，但是该请求永远存在，而且永无止境.你知道什么可能是错的吗?

Ok, I thought of adding the impersonate piece of code in the website's web.config instead. It turned out that the library used the correct user but the request takes forever and never end. Do you know what could be wrong?

推荐答案

乍一看，您可以在交易网站的web.config中使用这些条目.

At first glance, you could use these entries in the web.config of your transactional website.

<authorization>
  <allow users="*" />
</authorization>
<authentication mode="Windows" />
<identity
impersonate="true"
userName="USERNAME_HERE"
password="PASSWORD_HERE" />

但是，您确实要确定这是正确的操作，然后再执行.

However you want to be really sure this is the right thing to do before you do it.

安全性是一个棘手的大问题，可以转过身来，让您非常难受.无论您在此处使用哪个用户，都是出于单一目的.它应该完全具有您需要的权限，并且没有其他权限.

Security is a big thorny problem that can turn around and bite you in the ass pretty hard. Whichever user you use here should be single purpose. It should have exactly the permissions you need and no more.

为什么不能在外部服务器上授予MY_COMPUTER \ ASPNET用户权限?

Why can't you give the MY_COMPUTER\ASPNET user permissions on the external server?

有一些方法可以在短时间内模拟，这可能会更彻底地解决您的问题.我会让真正知道该答案的人告诉您这是什么.

There are ways to impersonate for a short time which will probably solve your problem more cleanly. I will let someone who actually knows that answer tell you what it is though.

这篇关于C#库冒充问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！