Windows 身份验证、自定义权限、WCF、Active Directory
我有一个客户端/服务器项目,与 WCF 通信(目前为命名管道,但这可能会改变 - 但我无法使用 IIS)。 该项目与 Active Directory 集成。
该程序旨在通过充当某种代理来授予用户通常没有权限的权限。 用户使用客户端“请求”执行任务。 然后,只要满足某些条件,服务器就会为客户端执行任务。
这些标准之一是允许用户请求此任务。 我的 WCF 服务需要一种方法来保证用户的身份,将其与数据库进行比较,然后执行任务或拒绝任务。
我如何使用 Windows 身份验证来保证用户 100% 真实可信?
预先感谢,
迈克
I have a client/server project, communicating with WCF (Named Pipes for now, but that can change - but I cannot use IIS). This project is integrated with Active Directory.
This program is designed to give users permissions that normally don't have permissions, by acting as a sort of proxy. The user uses the client to "request" a task to be performed. The server then performs the task for the client, as long as certain criteria are met.
One of these criteria is that the user is allowed to request this task. I need a way for my WCF service to guarantee the identity of the user, compare it to a database, and either perform the task, or deny the task.
How would I use Windows Authentication to guarantee 100% that the user is who they say they are?
Thanks in advance,
Mike
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
命名管道唯一允许的身份验证类型是 Windows 身份验证(滚动向下到 netNamedPipeBinding)。 例如,您可以声明性地模拟...
一旦您身份,您知道 Windows 已正确验证该用户,并且您可以根据数据库中的身份检查该身份。
The only allowed type of authentication for Named Pipes is Windows Authentication (scroll down to netNamedPipeBinding). You can do the impersonation declareatively for example ...
Once you have the identity, you know that Windows has properly authenticated this user and you can check that identity against what you have in your DB.
您可以创建自定义 ServiceAuthorizationManager 并实施验证针对 CheckAccessCore 中的用户数据库。
请参阅如何:为服务创建自定义授权管理器。
You can create a custom ServiceAuthorizationManager and implement the validation against your user db in CheckAccessCore.
See How to: Create a Custom Authorization Manager for a Service.