使用受定义组或用户限制的 Windows 身份验证保护托管在 IIS 7 中的 WCF 服务
如何配置 IIS 7 中托管的 wcf 服务以仅允许定义的用户/组进行访问。
现有配置:
<authentication mode="Windows"/>
<services>
<service name="MyService.Test" behaviorConfiguration="MyService.TestBehavior">
<endpoint address="" binding="wsHttpBinding" contract="MyService.ITest">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyService.TestBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
然后我想在 web.config 或文件或文件夹的文件系统中配置权限(用户或组)。
How to configure a wcf service hosted in IIS 7 to enable access for only defined users / groups to.
Existing configuration:
<authentication mode="Windows"/>
<services>
<service name="MyService.Test" behaviorConfiguration="MyService.TestBehavior">
<endpoint address="" binding="wsHttpBinding" contract="MyService.ITest">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyService.TestBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
I want then to configure permissions (users or groups) either in the web.config or in the file system on files or folder.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
首先,如果您处于 Intranet 环境中,您可以而且应该切换到 netTcpBinding - 它更快,更灵活,没有人可以从外部调用(超出您的防火墙) - 完美。
接下来 - 默认情况下,您使用 wsHttpBinding 和 netTcpBinding 打开 Windows 凭据。 在 WCF 世界中,您通常不会保护文件或文件夹 - 您需要保护的是服务调用 - 并且使用 Windows 凭据很容易做到这一点 - 只需向您的服务实现添加一个 PrimaryPermission 属性,然后您就完成了
:工作得很好。
如果您确实需要保护文件和文件夹,您始终可以使用 web.config 文件并根据 Windows 用户名和组指定常用的访问权限 - 但这实际上与 WCF 无关。
马克
First of all, if you're in an intranet environment, you could and should switch to netTcpBinding - it's faster, it's more flexible, no one can call in from the outside (beyond your firewalls) - perfect.
Next - you have Windows credentials turned on by default with wsHttpBinding and with netTcpBinding. In a WCF world, you wouldn't typically secure files or folders - what you'd secure are service calls - and doing so is easy with Windows credentials - just add a PrincipalPermission attribute to your service implementation, and you're done:
Should work just fine.
If you really need to secure files and folders, you can always use the web.config file and specify the usual access permissions based on Windows user names and groups - but that has nothing to do with WCF, really.
Marc