如何将 Windows 身份验证凭据从客户端传递到 Web API 服务 [英] How to pass Windows Authentication credential from client to Web API service

问题描述

在我的公司环境中，我有 IIS7.5 托管一个 Web API 服务和一个单独的网站，该网站通过 RestSharp 库调用该服务.两者当前都配置了 Windows 身份验证.

Inside my corporate environment, I have IIS7.5 hosting both a Web API service and a separate website which makes calls into that service via the RestSharp library. Both are currently configured with Windows Authentication.

如果我使用浏览器导航到其中任何一个，系统会提示我输入我的 Windows 凭据，并且一切正常……我得到了我想要的网页，REST 服务会输出我的数据.我正在努力弄清楚的部分是如何使用单个凭据对两者进行身份验证.我不知道如何将网站的凭据传递给服务(我尝试模拟但没有奏效)，或者手动提示用户输入用户名/密码，然后使用Windows"对其进行身份验证.

If I navigate to either one with a browser, I'm prompted to enter my windows credential, and everything works great... I get web pages that I want and the REST service spits out my data. The part I'm struggling to figure out is how to use a single credential to authentication both. I can't figure out how to either pass the Website's credential to the service (I tried impersonating but it didn't work), or to manually prompt the user for username/password and then authenticate them with "Windows".

帮助菜鸟?

推荐答案

如果您在网站上使用模拟并且 API 在同一台服务器上运行，它应该可以工作.

If you use impersonation on your web site and the API is running on the same server it should work.

http://msdn.microsoft.com/en-us/library/aa292118(v=vs.71).aspx

但是，如果您将 API 移到与站点不同的服务器，这将停止工作.两台服务器设置需要 Kerberos 委派.

However, if you would move the API to a different server from the site this will stop working. A two-server setup requires Kerberos delegation.

这篇关于如何将 Windows 身份验证凭据从客户端传递到 Web API 服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！