WSSecurityTokenSerializer ReadToken 方法性能
我有一个 Dispatch MessageInspector,它正在反序列化 SOAP 消息标头中包含的 SAML 令牌。
为了进行反序列化,我使用以下代码的变体:
List<SecurityToken> tokens = new List<SecurityToken>();
tokens.Add(new X509SecurityToken(CertificateUtility.GetCertificate()));
SecurityTokenResolver outOfBandTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(new ReadOnlyCollection<SecurityToken>(tokens), true);
SecurityToken token = WSSecurityTokenSerializer.DefaultInstance.ReadToken(xr, outOfBandTokenResolver);
我看到的问题是 ReadToken 调用的性能因运行 Windows 服务(其中托管 WCF 服务)的帐户而异。
如果服务作为 Windows 域帐户运行,则 ReadToken 调用所花费的时间几乎为零。当作为本地计算机帐户运行时,调用需要 200 到 1000 毫秒。
谁能解释一下这里发生了什么以及为什么运行这段代码的帐户会对其性能产生影响?
谢谢,
马丁
I have a Dispatch MessageInspector which is deserializing a SAML Token contained in the SOAP message header.
To do the deserialization I am using a variation of the following code:
List<SecurityToken> tokens = new List<SecurityToken>();
tokens.Add(new X509SecurityToken(CertificateUtility.GetCertificate()));
SecurityTokenResolver outOfBandTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(new ReadOnlyCollection<SecurityToken>(tokens), true);
SecurityToken token = WSSecurityTokenSerializer.DefaultInstance.ReadToken(xr, outOfBandTokenResolver);
The problem I am seeing is that the performance of the ReadToken call varies depending on the account that is running the windows service (in which the WCF service is hosted).
If the service is running as a windows domain account the elapsed time for the ReadToken call is virtually zero. When running as a local machine account the call takes between 200 and 1000 milliseconds.
Can anyone shed any light on what is going on here and why the account running this bit of code makes a difference as to its performance?
Thanks,
Martin
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当服务在本地帐户下运行时,会发生相当多的活动,例如:
访问和使用 C:\WINDOWS\system32\atl .dll
尝试访问注册表项,例如
HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration
在域帐户下运行时,不会出现任何额外活动。
在互联网上快速搜索“certcli.dll 域用户”会出现 Microsoft 知识库文章 948080,听起来很相似。
不确定如何解决此问题,因为最终会调用 .Net 方法 (WSSecurityTokenSerializer.ReadToken),而您对内部几乎没有控制权。
这似乎也描述了同样的问题:
http://groups.google.com/group/microsoft.public.biztalk.general/browse_thread/thread/402a159810661bf6?pli=1
When the service is running under a local account that there is considerably more activity taking place, examples of this are :
Accessing and using C:\WINDOWS\system32\atl.dll
Attempting to access registry keys e.g.
HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration
None of this extra activity appears to occur when running under a domain account.
A quick search on the internet for "certcli.dll domain user" brings up microsoft knowledge base article 948080 which sounds similar.
Unsure how to resolve this as ultimately a .Net method is being called (WSSecurityTokenSerializer.ReadToken) where you have little to no control over the internals.
This appears to also describe the same problem :
http://groups.google.com/group/microsoft.public.biztalk.general/browse_thread/thread/402a159810661bf6?pli=1