如何判断我的 Web 服务在 Visual Studio 2005 中运行的帐户
我有点疯狂地试图理解有关模拟和委托的文档,问题是我的网络服务在哪个帐户下运行。
我在名为 JOHNXP 的开发工作站上以 myDomainName\johna 身份登录。 从 Vstudio2005 开始,我通过调试启动 Web 服务,并且 wsdl 页面出现在我的浏览器中。
从任务管理器中,我在 .asmx 代码中的断点处看到以下内容:
aspnet_wp.exe pid=1316 UserName=ASPNET devenv.exe pid=3304 UserName=johna
托管我的 ws.asmx 代码的虚拟目录的 IIS 目录安全选项卡未选中“启用匿名访问”,并选中“集成 Windows 身份验证”。
因此,当 MSDN 人员声明“您必须配置服务器进程运行的用户帐户”时,在我上面描述的小 Web 服务的情况下,他们指的是什么呢?
我引用的是: http://msdn.microsoft.com/en-us/library/aa302400。最后
,我希望我的这个 Web 服务能够模拟任何经过身份验证的域用户浏览并调用我的 Web 服务。 我的 Web 服务又使用不同服务器(但相同域)上的另一个 ASMX Web 服务。 我需要此远程 Web 服务来使用模拟的域用户凭据(不是 JOHNXP 上我的 Web 服务的凭据)。
因此,对我来说理解这一点有点困难,而且我发现我不清楚我的网络服务使用的帐户。 我认为它是 WinXP 上 IIS 5.1 中的 ASPNET,但不确定。
I'm going a little nuts trying to understand the doc on impersonation and delegation and the question has come up what account my webservice is running under.
I am logged as myDomainName\johna on my development workstation called JOHNXP. From Vstudio2005 I start my webservice via Debug and the wsdl page comes up in my browser.
From Task Manager, I see the following while sitting at a breakpoint in my .asmx code:
aspnet_wp.exe pid=1316 UserName=ASPNET
devenv.exe pid=3304 UserName=johna
The IIS Directory Security tab for the Virtual Directory that hosts my ws.asmx code has "Enable Anonymous access" UNCHECKED and has "Integrated Windows Authentication" CHECKED.
So when the MSDN people state "you must configure the user account under which the server process runs", what would they be refering to in the case of my little webservice described above?
I am quoting from:
http://msdn.microsoft.com/en-us/library/aa302400.aspx
Ultimately, I want this webservice of mine to impersonate whatever authenticated domain user browses through to an invoke of my webservice. My webservice in turn consumes another ASMX webservice on a different server (but same domain). I need this remote webservice to use the impersonated domain user credentials (not those of my webservice on JOHNXP).
So its getting a little snarly for me to understand this and I see I am unclear about the account my web service uses. I think it is ASPNET in IIS 5.1 on WinXP but not sure.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
默认情况下,任何在 ASP.NET 之上运行的应用程序(包括 ASMX Web 服务)都将在 ASP.NET 计算机帐户 (ASPNET) 安全上下文下执行,该上下文在主机上具有受限的权限。
可以通过启用模拟来更改此行为,这将导致 ASP.NET 应用程序在经过身份验证的用户或特定用户帐户的安全上下文下执行。 Web.config 文件中启用模拟:
在 IIS 中启用集成 Windows 身份验证并禁用匿名 Internet 用户帐户时,经过身份验证的用户将是以下用户的 Windows 身份:发出 HTTP 请求的客户端。
打开模拟后,ASP.NET 工作进程在处理请求时将使用相同的身份。
By default any application running on top of ASP.NET (including ASMX web services) will execute under the ASP.NET Machine Account (ASPNET) security context, which has restricted privileges on the host machine.
This behavior can be altered by enabling impersonation, which will cause the ASP.NET application to execute under the security context of the authenticated user, or a specific user account. Impersonation is enabled in the Web.config file:
When Integrated Windows Authentication is enabled in IIS and the anonymous Internet user account is disabled, the authenticated user will be the Windows identity of the client making the HTTP request.
With impersonation turned on, that same identity will be used by the ASP.NET worker process when processing the request.
顺便说一下,除了答案之外,上面其实应该是:
用户名需要大写的N -> 用户名
希望这有帮助
By the way, in addition to the answer,above it should actually be:
The user name needs a capitalised N -> userName
Hope this helps