使用当前用户凭据调用 Web 服务
我有一个配置了 Windows 身份验证的自定义 WCF Web 服务和一个需要调用前者的 WPF 客户端应用程序。该服务检查用户名并从数据库中提取一些特定数据。因此,我必须使用运行应用程序的用户的凭据来调用该服务。
问题是我的服务托管在另一个具有 Windows 身份验证的站点下,用户可以使用另一个帐户进行身份验证。 Windows(或 IE?)缓存上次使用的帐户,然后我的客户端应用程序也使用它!
示例:
我在“MYDOMAIN\AdminUser”下输入网站,
我运行以下代码(从客户端应用程序,它不是 Web 代码)
var client = new TestServiceClient();
var currentUser = WindowsIdentity.GetCurrent(); // just informative field nothing more, i don't use it anyhow
// currentUser.Name = "MYDOMAIN\\MyUserName" - it's current value, i'm not trying to set it
client.ClientCredentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
var data = client.GetTestData();
服务被“MYDOMAIN\AdminUser”调用。
我知道我可以使用名称和密码创建 NetworkCredential,但我然后必须将其存储在某处,对其进行加密等等。
为了澄清问题:在一个帐户下运行的客户端进程本身调用另一个帐户下的服务,只是因为Windows在幕后为该调用提供了另一个凭据。
I have a custom WCF web-service confugured with windows authentication and a WPF client application that needs to call the former. The service checks the username and pull some specific data from a database. So I have to call the service using credentials of the user running the application.
The problem is my service is hosted under another site with windows authentication and users can authenticate there with another accounts. Windows (or IE?) caches last accout used and then my client app uses it too!
Example:
I enter the website under "MYDOMAIN\AdminUser"
I run following code (from the client app, it's not web code)
var client = new TestServiceClient();
var currentUser = WindowsIdentity.GetCurrent(); // just informative field nothing more, i don't use it anyhow
// currentUser.Name = "MYDOMAIN\\MyUserName" - it's current value, i'm not trying to set it
client.ClientCredentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
var data = client.GetTestData();
Service gets called by "MYDOMAIN\AdminUser"..
I know I can create NetworkCredential with name and password but I then will have to store it somewhere, encript it and so on..
To clarify the problem: client process running under one account calls the service under another account by itself, just becouse windows supplies the call with another credentials under the hood.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论