如何在WCF服务中为自定义绑定配置Windows身份验证? [英] How to configure Windows authentication for custom binding in WCF service?
问题描述
我需要在我的应用程序中使用Windows身份验证以及使用Windows Identity Foundation的基于声明的授权.我已经为服务使用了以下配置.
I need to use Windows authentication in my application along with claim-based authorization using Windows Identity Foundation. I have used following configuration for my service.
<system.identityModel>
<identityConfiguration>
<claimsAuthorizationManager type="Framework.Authorization.AuthorizationManager, ClaimsAuthorizationService"/>
</identityConfiguration>
</system.identityModel>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomTcpBinding" maxConnections="50" openTimeout="01:20:00" receiveTimeout="20.00:00:00" sendTimeout="00:05:00" closeTimeout="01:20:00">
<security authenticationMode="Kerberos" />
<reliableSession/>
<windowsStreamSecurity protectionLevel="None"/>
<tcpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<services>
<service behaviorConfiguration="Framework.Authorization.DummyRebServiceBehavior" name="Framework.Authorization.DummyRebService">
<endpoint address="IDummyRebService"
binding="customBinding" bindingConfiguration="CustomTcpBinding"
contract="Framework.Authorization.IDummyRebService"
name="IDummyRebService"/>
<endpoint address="mex"
binding="mexTcpBinding"
contract="IMetadataExchange"/>
<host>
<timeouts closeTimeout="00:00:01"/>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8234//DummyRebService"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Framework.Authorization.DummyRebServiceBehavior">
<serviceCredentials useIdentityConfiguration="true" />
<serviceAuthorization principalPermissionMode="Always" />
<serviceMetadata httpGetEnabled="True"/>
<dataContractSerializer maxItemsInObjectGraph="1000000000"/>
<serviceDebug includeExceptionDetailInFaults="True"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
我在尝试和尝试时遇到一些或其他问题,但找不到确定的解决方案.当前,由于需要合同两种方式,但绑定不支持..."错误,该服务无法启动.除此之外,每当尝试在WCF测试客户端中添加服务时,我都会在AuthorizationManager的CheckAccess方法(派生于ClaimsAuthorizationManager)中将userName(authorizationContext.Principal.Identity.Name)设置为null.
I encounter some or other problem as I am working by trial and error but can't find a sure shot solution. Currently the service fails to start because of "Contract required two way, but binding doesn't support..." error. Apart from that previously I was getting userName (authorizationContext.Principal.Identity.Name) as null in the CheckAccess method of AuthorizationManager (derived from ClaimsAuthorizationManager) whenever I try to add the service in WCF Test Client.
基本上,我需要配置服务,以便WCF服务在每次从客户端调用时都获得Windows Principal.
Basically I need to configure service such that the WCF service gets Windows Principal when-ever it gets call from client.
任何帮助将不胜感激.如果需要,我可以提供更多详细信息.
Any help would be appreciated. I can provide more details if needed.
推荐答案
经过反复的尝试,以下配置对我有用.
After much trial and error, the following configuration has worked for me.
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</configSections>
<system.identityModel>
<identityConfiguration>
<claimsAuthenticationManager type = "Framework.Services.Security.PrincipalTransformer, ClaimsAuthorizationService"/>
<claimsAuthorizationManager type="Framework.Services.Security.AuthorizationManager, ClaimsAuthorizationService"/>
</identityConfiguration>
</system.identityModel>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomTcpBinding" closeTimeout="01:20:00" openTimeout="00:00:30"
receiveTimeout="20.00:00:00" sendTimeout="00:05:00">
<reliableSession />
<windowsStreamSecurity protectionLevel="None" />
<tcpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<services>
<service behaviorConfiguration="Framework.Authorization.DummyRebServiceBehavior" name="Framework.Authorization.DummyRebService">
<endpoint address="IDummyRebService"
binding="customBinding" bindingConfiguration="CustomTcpBinding"
contract="Framework.Authorization.IDummyRebService"
name="IDummyRebService"/>
<endpoint address="mex"
binding="mexTcpBinding"
contract="IMetadataExchange"/>
<host>
<timeouts closeTimeout="00:00:01"/>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8234//DummyRebService"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Framework.Authorization.DummyRebServiceBehavior">
<serviceSecurityAudit auditLogLocation="Application" messageAuthenticationAuditLevel="SuccessOrFailure" serviceAuthorizationAuditLevel="SuccessOrFailure" suppressAuditFailure="True"/>
<serviceCredentials useIdentityConfiguration="true"/>
<serviceAuthorization principalPermissionMode="Always"/>
<serviceMetadata httpGetEnabled="False"/>
<dataContractSerializer maxItemsInObjectGraph="1000000000"/>
<serviceDebug includeExceptionDetailInFaults="True"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
</startup>
</configuration>
这篇关于如何在WCF服务中为自定义绑定配置Windows身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!