Calling an async WCF Service while being impersonated

Problem description

I have a WCF Service running on a Server, which is configured to accept Kerberos authentication.

Kerberos works fine and the WCF Service therefore knows which user is connecting to it. The Service offers everything as Async Methods. Like this here (just an example for clarity).

public class ExampleService : IExampleService {
    public Task<string> GetUsernameAsync() {
        // Return the name of the caller as authenticated by the service (Kerberos).
        return Task.Run(() => System.Threading.Thread.CurrentPrincipal.Identity.Name);
    }
}

On the Client side I have a Controller (it's an MVC page, but that does not matter), which calls the methods asynchronously.

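public class ExampleController : Controller {
    public async Task<ActionResult> Index() {
        using(var serviceClient = ServiceFactory.GetServiceClient())
        using(Security.Impersonation.Impersonate())
        {
            // The service call is awaited while the impersonation context is active.
            var data = await serviceClient.GetUsernameAsync();
            // Cast to object so the string is passed as the model, not taken as a view name.
            return View((object)data);
        }
    }
}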

The impersonation works fine, as long as I do not use await.

Since Task<> does not flow the impersonated identity, I'd like to know if there is some possibility, to change the executing user of the Task or to do anything else to make the impersonation work in this use-case.

I tried a custom awaiter (as it can be done with Culture in that Case), but that does not work at all (Well it just does not impersonate as well).

Recommended answer

Okay - after some more in depth research I finally found the solution how to flow impersonated windows identities across asynchronous tasks.

The solution is machine-wide and will be set for all (in this case) 64bit ASP.NET 4.5 applications.

Find the aspnet.config file in C:\Windows\Microsoft.Net\Framework64\v4.0.30319 (probably this will apply for later versions, too) and change the value of legacyImpersonationPolicy to false

<legacyImpersonationPolicy enabled="false"/>

Make sure to restart IIS (or reboot the machine).
This will then make Impersonation flowing, as long as you use managed methods for the impersonation. In my case I impersonate similar to this, which works fine:

using System;
using System.Security;
using System.Security.Principal;

class Impersonation : IDisposable
{
    public static Impersonation Impersonate()
    {
        return new Impersonation();
    }

    private WindowsImpersonationContext ImpersonationContext { get; set; }

    private Impersonation()
    {
        // Impersonate the authenticated Windows user attached to the current thread.
        var currentIdentity = System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity;
        if (currentIdentity != null && currentIdentity.IsAuthenticated)
        {
            ImpersonationContext = currentIdentity.Impersonate();
            return;
        }

        throw new SecurityException("Could not impersonate user identity");
    }

    public void Dispose()
    {
        // Revert to the previous identity.
        if (ImpersonationContext != null)
            ImpersonationContext.Dispose();
    }
}

The aspnet.config setting (btw. it did not work to set it in the web.config file) is explained here: http://msdn.microsoft.com/en-us/library/ms229296(v=vs.110).aspx (it basically says, if this is true, we do it the .NET 1.1 way)

You can check, if the windows identity is flowed or not by using this method:

System.Security.SecurityContext.IsWindowsIdentityFlowSuppressed()
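
A diagnostic for verifying the setting described in the answer, added here as an example and not code from the original post: it records which Windows identity the code is effectively running under before and after an await inside an impersonation block. `FlowResult`, `ImpersonationFlowCheck` and `RunAsync` are hypothetical names; the code targets .NET Framework 4.5 and assumes the caller passes an authenticated `WindowsIdentity`.

```csharp
using System.Security;
using System.Security.Principal;
using System.Threading.Tasks;

// Added example (not from the original post); all type and member names are hypothetical.
public sealed class FlowResult
{
    public bool FlowSuppressed;  // SecurityContext.IsWindowsIdentityFlowSuppressed() at entry
    public string InitialUser;   // effective identity before impersonating (app pool account in IIS)
    public string BeforeAwait;   // effective identity inside the using block, before the await
    public string AfterAwait;    // effective identity in the continuation after the await

    // True when the continuation still ran as the impersonated user.
    // Inconclusive if the impersonated user is the same account as InitialUser.
    public bool Flowed
    {
        get { return AfterAwait == BeforeAwait && AfterAwait != InitialUser; }
    }
}

public static class ImpersonationFlowCheck
{
    // Name of the token the current thread is actually running under
    // (the thread token while impersonating, otherwise the process token).
    private static string EffectiveUser()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return id.Name;
        }
    }

    public static async Task<FlowResult> RunAsync(WindowsIdentity caller)
    {
        var result = new FlowResult
        {
            FlowSuppressed = SecurityContext.IsWindowsIdentityFlowSuppressed(),
            InitialUser = EffectiveUser()
        };

        using (caller.Impersonate())
        {
            result.BeforeAwait = EffectiveUser();
            // ConfigureAwait(false) lets the continuation resume on a thread-pool thread,
            // so the identity seen afterwards depends only on ExecutionContext flow.
            await Task.Delay(50).ConfigureAwait(false);
            result.AfterAwait = EffectiveUser();
        }
        return result;
    }
}
```

If `AfterAwait` equals `InitialUser`, anything executed after the await, including outbound service calls, runs under the application pool account instead of the caller, which is worth logging because downstream authorization and audit records will then name the wrong principal.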
