WCF 使用用户名身份验证和消息安全性
我正在开发一个 ASP.NET 应用程序,它将(广泛)调用 WCF 服务。 现在,我显然正在经历某种精神崩溃,因为我一生都无法正确地理解它。
我正在使用带有消息安全性和用户名的 ClientCredentialType 的 ws2007HttpBinding。 WCF 使用 ASP.NET 成员资格提供程序来验证用户的凭据。
这一切都工作正常,但我显然需要在每次调用中包含用户详细信息:
var service = new MyService.MyServiceClient();
service.ClientCredentials.UserName.UserName = "my_username";
service.ClientCredentials.UserNane.Password = "mypassword";
.... etc ...
service.Close();
现在,这在登录页面上很容易,因为用户刚刚向我们提供了他们的用户名和密码。 当我们需要使用用户凭据调用另一个服务时,我不喜欢存储密码以供以后使用。
我错过了一些明显的东西吗? 我读过有关令牌等的内容,但我不完全确定如何实施此类事情。 我花了一整天的时间搜索和阅读,但我仍然不确定,所以您能提供的任何帮助将不胜感激!
I am developing an ASP.NET application which will be calling (extensively) WCF services. Now, I am obviously having some kind of mental melt down as I can't for the life of me get this wrapped around my head correctly.
I am using ws2007HttpBinding with Message security and ClientCredentialType of UserName. The WCF is using the ASP.NET Membership provider to validate the user's credentials.
This all works fine but I obviously need to include the user details in ever call:
var service = new MyService.MyServiceClient();
service.ClientCredentials.UserName.UserName = "my_username";
service.ClientCredentials.UserNane.Password = "mypassword";
.... etc ...
service.Close();
Now, this is easy from the login page as the user has just given us their username and password. I am not comfortable with storing the password for use later on down the road when we need to call another service with the users credentials.
Am I missing something obvious? I have read about tokens etc but I not entirely sure how to go about implementing that kind of thing. I have spent all day searching and reading and I am still unsure, so any help you can give will be greatly appreciated!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
最简单的方法可能是将密码存储在自定义身份中。 在理想的情况下,您将使用 Kerberos 和委派等。 查找有关模拟和委托的更多信息。
相当不错的文章:
http://msdn.microsoft.com/en -us/library/ms998358.aspx#paght000025_usingimpersonation
但是所有这些东西都不适用于会员资格提供商。 您需要使用 Active Directory 进行 Windows 身份验证。
这个主题不太容易......只是一个想法:您真的需要使用交互式登录用户的凭据在 Web 服务上进行身份验证吗?
有点HTH,
亚历克斯
The easiest way might be really to store the password in a custom indentity. In an ideal world you would use e.g. Kerberos and delegation. Look for further information about impersonation and delegation.
Quite a good article:
http://msdn.microsoft.com/en-us/library/ms998358.aspx#paght000025_usingimpersonation
But all this stuff does not work with a membership provider. You need Windows authentication with an Active Directory.
This topic is not a too easy one... just as an idea: do you really need to authenticate at the web service with the credentials of the interactivly logged on user?
HTH a bit,
Alex