Windows role authentication with WCF in App.config

Posted on 2024-07-08 16:33:54

I am using a WCF service and a net.tcp endpoint with serviceAuthentication's principal PermissionMode set to UseWindowsGroups.

Currently, in the implementation of the service, I am using the PrincipalPermission attribute to set the role requirements for each method.

        [PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]
        [OperationBehavior(Impersonation = ImpersonationOption.Required)]
        public string method1()

I am trying to do pretty much the same exact thing, except have the configuration for the role set in the app.config. Is there any way to do this and still be using Windows groups authentication?

Thanks

Comments (3)

梦在深巷 2024-07-15 16:33:54

If you are hosting your WCF service in IIS, it will run in the ASP.NET worker process, which means you can configure authentication and authorization as you would do with ASMX web services:

<system.web>
    <authentication mode="Windows"/>
    <authorization>
        <allow roles=".\Administrators"/>
        <deny users="*"/>
    </authorization>
</system.web>

Then you will have to disable anonymous access to your endpoint in IIS, and instead enable Windows Integrated Authentication.
In the IIS management console you do that by bringing up the 'Properties' dialog for your virtual directory. You will then find the security settings in the 'Directory Security' tab.

Of course, the only communication channel available will be HTTP. Clients will have to provide their Windows identity in the request at the transport-level with these settings:

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="WindowsSecurity">
                <security mode="Transport">
                    <transport clientCredentialType="Windows" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="https://localhost/myservice"
                  binding="wsHttpBinding"
                  bindingConfiguration="WindowsSecurity"
                  contract="IMyService" />
     </client>
</system.serviceModel>

Note that if your service endpoint uses wsHttpBinding then you will also have to add SSL to your endpoint, since that's a requirement enforced by WCF when you are using transport-level security.
If you instead go for the basicHttpBinding, you are then able to use a less secure authentication mode available in WCF called TransportCredentialOnly, where SSL is no longer required.

For more detailed information, here is a good overview of the security infrastructure in WCF.

那些过往 2024-07-15 16:33:54

Lars Wilhelmsen has posted a solution for this problem. Have a look at
http://www.larswilhelmsen.com/2008/12/17/configurable-principalpermission-attribute/

热鲨 2024-07-15 16:33:54

If I understood well you want to select the role at runtime. This can be done with a permission demand within the WCF operation. E.g.

public string method1()
{
    // Imperative demand: throws SecurityException if the caller is not in the role
    PrincipalPermission p = new PrincipalPermission(null, "Administrators");
    p.Demand();
    // ...
}
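
An added example, not part of the original answer or of WCF itself: the imperative demand above with the role name read from app.config, so the question's net.tcp service can keep PrincipalPermissionMode UseWindowsGroups. The `ConfiguredRole` helper, the `role:<operation>` key convention and the `MyService` class are assumptions of this example.

```csharp
using System;
using System.Configuration;          // requires a reference to System.Configuration.dll
using System.Security;
using System.Security.Permissions;

// Hypothetical helper (not a WCF type): looks up the Windows group required for
// an operation in <appSettings> and demands it against Thread.CurrentPrincipal.
public static class ConfiguredRole
{
    // Assumed app.config entries (the key names are this example's convention):
    //   <appSettings>
    //     <add key="role:method1" value="Administrators" />
    //   </appSettings>
    public static void Demand(string operationName)
    {
        string role = ConfigurationManager.AppSettings["role:" + operationName];

        // Fail closed: a missing or empty entry must not become "no role required".
        // A PrincipalPermission built with a null role does not restrict by role at all.
        if (string.IsNullOrWhiteSpace(role))
            throw new SecurityException(
                "No role configured for operation '" + operationName + "'.");

        // Same check as [PrincipalPermission(SecurityAction.Demand, Role = ...)],
        // made imperatively so the role name can come from configuration.
        new PrincipalPermission(null, role).Demand();
    }
}

public class MyService
{
    [System.ServiceModel.OperationBehavior(
        Impersonation = System.ServiceModel.ImpersonationOption.Required)]
    public string method1()
    {
        // Throws SecurityException when the caller is not in the configured group.
        ConfiguredRole.Demand("method1");
        return "ok";
    }
}
```

Because the role now lives in a file, write access to app.config decides who can call the operation; restrict the file's ACL accordingly.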