混合身份验证模式:使用 WCF 通过 HTTPs 发送 Kerberos 令牌和用户名令牌
是否可以使用 WCF 通过 HTTPs 发送用户名令牌和 kerberos 令牌?
我们能够使用自定义绑定,并将身份验证模式设置为“UserNameOverTransport”,这将根据 OASIS Web 服务安全标准在 SOAP 标头中包含用户名令牌。
或者,可以将身份验证模式设置为“KerberosOverTransport”,这将在 SOAP 标头中包含 Kerberos 令牌。
但是,我们尝试通信的服务需要使用 kerberos 令牌和 kerberos 令牌进行身份验证。用户名令牌。现有的认证方式似乎无法实现。
Is it possible to send both username token and the kerberos token over HTTPs with WCF?
We are able to use custom binding with authentication mode set to 'UserNameOverTransport', which will include a username token in the SOAP header as per OASIS web services security standard.
Alternatively can set the authentication mode to 'KerberosOverTransport', which will include a Kerberos token in the SOAP header.
However the service we are trying to communicate has a requirement to authenticate use both kerberos token & username token. It doesn't seem to be possible with the existing authentication modes.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
该令牌(是 Kerberos 令牌)实际上嵌入了用户名。因此,如果您需要与需要两者的服务进行通信,那么您将需要使用
KerberosOverTransport。然后,您需要将令牌传递给 的构造函数WindowsIdentity 需要一个 IntPtr。
构建完成后,您可以通过 名称属性。可以在这里找到几乎您需要的代码(没有位日志记录):
http://kseesharp.blogspot.com/2009/04/c-create-windowsidentity-from-userid.html
The token (which is a Kerberos token) actually has the username embedded in it. So if you need to communicate with a service that requires both then you'll want to use
KerberosOverTransport.You'll then want to pass the token to the constructor of WindowsIdentity which asks for an IntPtr.
Once you have it constructed you can access the username via the name property. A piece of code that is almost what you need (sans the logging in bits) can be found here:
http://kseesharp.blogspot.com/2009/04/c-create-windowsidentity-from-userid.html