从 SharePoint 2010 BDC 到 WCF 服务再到 SQL Server 时如何克服双跃点问题
我们有一个 SharePoint 应用程序,需要从 WCF 服务检索外部数据,而 WCF 服务又从 SQL 服务器 (2005) 获取数据。 SharePoint 通过 NTLM 进行身份验证,并且凭据可以转换为 SharePoint 服务器上的声明。
WCF 服务连接到以前由 Web 应用程序访问的数据库(Web 应用程序正在迁移到 SP+WCF)。该数据库已获得许可,因此必须使用最终用户的身份对其进行访问,当客户端 -> Web 应用程序 -> SQL Server 时这很好,但当客户端 -> SharePoint -> WCF 服务 - 时则失败> SQL 服务器。
我已经阅读了一些有关模拟和 c2wts 的内容,我认为这适用于这种情况,但我不确定它如何适合。它应该在 SharePoint 服务器上还是在服务服务器等上?
如何通过 SharePoint 和 WCF 服务保留最终用户的身份以便能够访问 SQL Server?
We have a SharePoint application that needs to retrieve external data from a WCF service, which in turn gets data from an SQL server (2005). SharePoint is authenticated over NTLM, and the credentials can be converted to claims on the SharePoint server.
The WCF service connects to a database previously accessed by a web application (the web application is being migrated to SP+WCF). This database is permissioned so that it must be accessed with the identity of the end user, which is fine when it's client->web app->SQL Server, but fails when it's client->SharePoint->WCF Service->SQL Server.
I've read up a bit about impersonation and c2wts, which I think applies to this situation, but I'm not sure how it fits in. Should it be on the SharePoint server or the service server etc...?
How do I persist the identity of the end user through SharePoint and a WCF service to be able to access the SQL server?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您需要配置 Kerberos 身份验证。提前告诉你,这是一个 PITA。
这里有一些帮助您入门的链接(我在 SP2007 上关注过它们,但如果您使用 SP2010,应该不会有太大差异):
http://blogs.objectsharp.com/cs/blogs/max/archive/2008/08/01/implementing-kerberos-in-sharepoint-running-on-windows-server-2008.aspx< /一>
<一href="http://blogs.msdn.com/b/martinearn/archive/2007/04/23/configuring-kerberos-for-sharepoint-2007-part-1-base-configuration-for-sharepoint.aspx" rel="nofollow">http://blogs.msdn.com/b/martinkearn/archive/2007/04/23/configuring-kerberos-for-sharepoint-2007-part-1-base-configuration-for-sharepoint。 ASPX
You need to configure Kerberos authentication. And to tell you up front, it is a PITA.
Here are some links to get you started (I have followed them on SP2007, but it shouldn't be too much difference if you use SP2010):
http://blogs.objectsharp.com/cs/blogs/max/archive/2008/08/01/implementing-kerberos-in-sharepoint-running-on-windows-server-2008.aspx
http://blogs.msdn.com/b/martinkearn/archive/2007/04/23/configuring-kerberos-for-sharepoint-2007-part-1-base-configuration-for-sharepoint.aspx
此问题的另一种解决方案是使用安全存储。这将允许您将单个用户映射到为您的 bdc 模型单独存储的凭据,或者将用户组映射到单个凭据。
One other solution to this problem would be the use of the Secure Store. That would let you either map single users to individually stored credentials for your bdc model or groups of users mapped to a single credential.