ASP.NET 到 WCF - 直通安全性?
我有一个位于 WCF 服务之上的 MVC 网站。 WCF 服务还可以通过使用消息安全和证书的用户名/密码身份验证通过 Internet 进行访问。这是设置和工作。
网站和服务都使用相同的会员商店,使用会员 API。
用户可以使用相同的凭据登录网站或服务。但是,当网站调用该服务时,需要传递当前登录用户的凭据。我可以获取用户名
Membership.GetUser().UserName
,但无法获取密码!
是否有另一种方法可以将网站用户凭据传递给服务?
任何帮助非常感谢...
I have a MVC website that sits on top of a WCF service. The WCF service is also accessible to the internet with username/password authentication using message security and certificates. This is setup and working.
Both the website and the service use the same membership store, using the membership API.
A user can log onto either the website or the service using the same credentials. However, when the website calls the service, it needs to pass the credentials of the currently logged on user. I can get the username from
Membership.GetUser().UserName
but I can't get the password!
Is there another way to essentially pass the website user credentials to the service?
Any help much appreciated...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这是一个非常奇怪的建筑。为什么要对用户进行两次身份验证?只需为 MVC 设置不同的端点 (net.pipe) 即可避免二次身份验证。如果您还需要了解服务上经过身份验证的用户,您有两种选择,具体取决于对 MVC 应用程序的信任:
编辑:有相关帖子有类似的问题。您可以找到其他建议。
this is very strange architecture. Why to authenticate user twice? Just set up different endpoint (net.pipe) for your MVC and avoid second authentication. If you need to know authenticated user on the service as well you have two choices dependend on the trust to your MVC application:
Edit: There is related post with similar question. You can find there another suggestions.