SOAP Header with identity of final client


Problem description


The environment is in-house service based applications running in a Windows environment with WCF.

  • There are several "middle-tier" ASP.NET Web Applications and Web Services that authenticate the final client using Windows authentication, and use ASP.NET Roles to set Thread.CurrentPrincipal to a suitable RolePrincipal. These applications each run under their own service account, which is a domain account, and are considered to be trusted subsystems.

  • Some back-end WCF web services that may only be accessed by these trusted "middle-tier" applications. They use Windows Authentication to limit access to the service accounts used by these applications.

We now have a requirement for the back-end services to audit the identity of the final client whose call to the middle-tier application resulted in the call to the back-end service.

To avoid making any application changes, I was thinking of writing an endpoint behavior which inserts a SOAP Header with the final client's identity into the request sent to the back-end service. Note that the middle-tier applications are trusted, so no authentication of this SOAP Header would be required.

It occurred to me that this requirement may not be unique, so before I invent my own SOAP Header for this purpose I thought I'd ask if there exist any standards in this area I could reuse?

Solution

It sounds like you're after WCF Impersonation; check out the MSDN Link or Google that search term for more info. I've never used it myself so can't fully advise, but hopefully it's what you're after. Good luck.

Edit: Does the WCF OperationContext not carry through the identity to the second phase? (OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name)
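
The endpoint behavior described in the question could look like the sketch below. It is an added example, not code from the question or the answer. The header name `OriginalCaller`, the namespace `urn:example:audit` and the class names are hypothetical, and the back-end is assumed to use Windows authentication as the question states.

```csharp
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.Threading;

// Hypothetical header name and namespace, chosen for this example only.
public static class CallerHeader
{
    public const string Name = "OriginalCaller";
    public const string Ns = "urn:example:audit";

    // Back-end side: build the audit string. The header is unauthenticated,
    // so it is recorded next to the authenticated service account and is
    // never used for authorization decisions.
    public static string ReadForAudit()
    {
        OperationContext ctx = OperationContext.Current;
        MessageHeaders headers = ctx.IncomingMessageHeaders;
        int i = headers.FindHeader(Name, Ns); // -1 when the header is absent
        string finalClient = i >= 0 ? headers.GetHeader<string>(i) : "(not supplied)";
        string middleTier = ctx.ServiceSecurityContext.PrimaryIdentity.Name;
        return middleTier + " on behalf of " + finalClient;
    }
}

// Middle-tier side: stamps each outgoing request with the name of the
// principal that ASP.NET placed on Thread.CurrentPrincipal.
// Attach with: factory.Endpoint.Behaviors.Add(new CallerHeaderBehavior());
public class CallerHeaderBehavior : IEndpointBehavior, IClientMessageInspector
{
    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    {
        string name = Thread.CurrentPrincipal?.Identity?.Name ?? string.Empty;
        request.Headers.Add(
            MessageHeader.CreateHeader(CallerHeader.Name, CallerHeader.Ns, name));
        return null; // no correlation state needed
    }

    public void AfterReceiveReply(ref Message reply, object correlationState) { }

    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
    {
        clientRuntime.MessageInspectors.Add(this);
    }

    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters) { }
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```

To keep the middle-tier applications unchanged, the behavior can also be registered in configuration through a `BehaviorExtensionElement`, which is not shown here.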
