允许基于 web.config 中设置的组访问 WCF
我创建了一个使用 Windows 身份验证的 WCF 服务,并希望将其设置为仅当用户位于 Windows 组中时才能访问它。我目前在代码中使用以下属性来实现这一点,
[PrincipalPermission(SecurityAction.Demand, Role = "Domain\MyGroup")]
问题是如果我想更改组,我必须在每个方法上执行此操作并进行编译。有没有办法让我可以在配置文件中设置有权访问整个服务的组?
我在我的配置文件中尝试了以下操作,但这似乎不起作用
<security>
<authentication>
<windowsAuthentication authPersistSingleRequest="true" enabled="true"/>
</authentication>
<authorization>
<add accessType="Allow" roles="Domain\MyGroup" />
</authorization>
</security>
I have created a WCF service that uses windows authentication and would like to set it so it can only be accessed if the user is in a Windows group. I Currently use the following attribute in code to make this happen
[PrincipalPermission(SecurityAction.Demand, Role = "Domain\MyGroup")]
Problem with this is I have to do it on each method and compile if I want to change the group. Is there a way so I can set the group that has access in the config file and for the services as an whole?
I have tried the following in my config file but this does not appear to work
<security>
<authentication>
<windowsAuthentication authPersistSingleRequest="true" enabled="true"/>
</authentication>
<authorization>
<add accessType="Allow" roles="Domain\MyGroup" />
</authorization>
</security>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
好吧,我想通了。我设置了如下所示的配置文件
还必须设置
在实现 WCF 合同的类上
我想这意味着我使用 ASP 身份验证而不是 WCF 但我为我工作
Ok I figured it out. I have the config file set like the following
Also had to set
And on my class that implements the WCF contract
I guess this means Im using ASP authentication rather than WCF but I works for me
PrincipalPermission
属性来自 .NET 代码访问安全功能,与 WCF 无关。如果服务托管在 IIS 中,则可以更灵活地执行此操作,此 MSDN 中显示了此操作 WCF 还支持不同的自定义身份验证机制如上所述在这里。The
PrincipalPermission
attribute is from the .NET code access security functionality and isn't related to WCF. A more flexible way to do this if the service is hosted in IIS is shown in this MSDN post. WCF also supports different custom authentication mechanisms as described here.