ASP.NET、SilverLight、WCF 和表单身份验证 - 如何配置端点?
我有这样的现有环境:
1) ASP.NET 3.5 Web 应用程序
2) 使用 SqlMembershipProvider 进行身份验证
我需要添加以下内容:
1) 嵌入网页中的 Silverlight 图表对象。
2) WCF 服务将由以下人员使用:
a) 嵌入经过身份验证的 Silverlight 组件 网页,如上所述 b) 基于服务器的 WCF 客户端,具有基于证书的身份验证
我的问题是 - 为 Silverlight 对象配置 WCF 端点以使用已登录用户的安全上下文(通过托管 Silverlight 对象的页面)而无需再次使用用户的用户名/密码?
我研究了很多 MSDN 和 Patterns &实践材料,我认为我已经很好地掌握了许多潜在的身份验证场景。但对于我所概述的场景,我似乎无法找到将它们联系在一起的方法。我发现其他人发布了与我类似的问题,但我读过的答案似乎都没有完全回答他们的问题。 (也许我让这比需要的更难?)
我认为解决方案是以某种方式使用在 asp.net 表单登录中生成的身份验证令牌/cookie,并以某种方式将其传递给 Silverlight 对象,然后该对象包括它在 WCF 请求中。但我不知道如何配置 WCF 端点以使用该令牌。
(在我的其他一些项目中,我使用基于证书的身份验证实现了上面 2.b 中的服务器到服务器场景,因此我不太担心将其添加到我概述的当前组合中。)
谢谢提前了解任何见解或前进道路的指示。
特里
I have this existing environment:
1) ASP.NET 3.5 web application
2) forms authentication with the SqlMembershipProvider
I need to add the following:
1) a Silverlight charting object embedded in a web page.
2) a WCF service to be consumed by:
a) the Silverlight component embedded in an authenticated web page, as mentioned above b) server-based WCF clients with certificate based authentication
My question is - what is the easiest/best way to configure the WCF endpoints for the Silverlight object to authenticate to the WCF service using the security context of the already logged-in user (via the page that’s hosting the Silverlight object) without having to use the user's username/password again?
I've researched a lot of the MSDN and Patterns & Practices material and I thought I had a decent grasp of many of the potential authentication scenarios. But I can't seem to figure out a way to tie them together for the scenario I've outlined. I've found other people posting similar questions to mine but none of the answers I've read seem to fully answer their questions either. (Maybe I'm making this harder than it needs to be?)
I would think that the solution would be to somehow use the authentication token/cookie generated in the asp.net form login and somehow pass that to the Silverlight object which then includes it in the WCF request. But I don't see how to configure the WCF endpoint to use that token.
(In some of my other projects I've implemented the server-to-server scenario in 2.b above using certificate-based authentication, so I'm not too worried about adding that to the current mix I've outlined.)
Thanks in advance for any insight or pointers to the path forward.
Terry
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
感谢 codemeit 试图提供帮助,但我终于弄清楚我做错了什么 - 这是飞行员错误。
在尝试为我的 Silverlight 应用程序配置端点时,我正在使用 ASP.NET 页面进行测试。我最终意识到,当我以这种方式进行测试时,客户端端点不再源自经过身份验证的浏览器 - 客户端端点是 IIS 服务器,而 IIS 服务器又对 WCF 服务器端点执行请求。因此,安全上下文发生变化,并且 WCF 服务器端点上的 HttpContext.Current.User.Identity 始终为空。
一旦我的测试 SL 应用程序在浏览器中运行,它就会自动继承经过身份验证的浏览器的安全上下文,然后 HttpContext.Current.User.Identity 正确并在 WCF 服务器端点进行身份验证。
Thanks codemeit for trying to help but I finally figured out what I was doing wrong - it was pilot error.
In trying to configure the endpoints for my Silverlight app I was testing with an asp.net page. I finally realized that when I test that way, the client endpoint is no longer originating from the authenticated browser - the client endpoint is the IIS server which in turn executes the request against the WCF server endpoint. So the security context changes and HttpContext.Current.User.Identity is always empty at the WCF server endpoint.
Once I got my test SL app running in the browser, it automatically inherited the security context of the authenticated browser and then HttpContext.Current.User.Identity was correct and authenticated at the WCF server endpoint.
您是否尝试过启用具有 aspNet 兼容性的 WCF 服务,然后查看以下情况是否属实。
如果这些属性填充了预期值,那么这就是您想要的属性。
要启用 aspNet 兼容性,
请添加到 web.config
,添加到服务 impl 类。
在这种情况下,端点将使用 basicHttpBinding,并且您可以在 WCF 内运行时检查身份验证。
Have you tried to enable your WCF services with aspNet compatibility, then see if the following is true.
if these properties are being populated with the expected values, then this is the one you are after.
To enable aspNet Compatibility
add to web.config
add to the service impl class
In this case, the endpoint would be using basicHttpBinding, and you could check the authentication at run time within WCF.