允许基于 web.config 中设置的组访问 WCF

发布于 2024-12-17 09:33:36 字数 599 浏览 0 评论 0原文

我创建了一个使用 Windows 身份验证的 WCF 服务,并希望将其设置为仅当用户位于 Windows 组中时才能访问它。我目前在代码中使用以下属性来实现这一点,

[PrincipalPermission(SecurityAction.Demand, Role = "Domain\MyGroup")]

问题是如果我想更改组,我必须在每个方法上执行此操作并进行编译。有没有办法让我可以在配置文件中设置有权访问整个服务的组?

我在我的配置文件中尝试了以下操作,但这似乎不起作用

<security>
   <authentication>
      <windowsAuthentication authPersistSingleRequest="true" enabled="true"/>
   </authentication>
   <authorization>
      <add accessType="Allow" roles="Domain\MyGroup" /> 
   </authorization>
</security>

I have created a WCF service that uses windows authentication and would like to set it so it can only be accessed if the user is in a Windows group. I Currently use the following attribute in code to make this happen

[PrincipalPermission(SecurityAction.Demand, Role = "Domain\MyGroup")]

Problem with this is I have to do it on each method and compile if I want to change the group. Is there a way so I can set the group that has access in the config file and for the services as an whole?

I have tried the following in my config file but this does not appear to work

<security>
   <authentication>
      <windowsAuthentication authPersistSingleRequest="true" enabled="true"/>
   </authentication>
   <authorization>
      <add accessType="Allow" roles="Domain\MyGroup" /> 
   </authorization>
</security>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

欢你一世 2024-12-24 09:33:36

好吧,我想通了。我设置了如下所示的配置文件

<security>
  <authentication>
    <windowsAuthentication enabled="true" />
  </authentication>
  <authorization>
    <remove users="*" roles="" verbs="" />
    <remove users="?" roles="" verbs="" />
    <add accessType="Deny" users="?" />
    <add accessType="Allow" roles="Domain\MyGroup" />
  </authorization>
</security>

还必须设置

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />

在实现 WCF 合同的类上

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]

我想这意味着我使用 ASP 身份验证而不是 WCF 但我为我工作

Ok I figured it out. I have the config file set like the following

<security>
  <authentication>
    <windowsAuthentication enabled="true" />
  </authentication>
  <authorization>
    <remove users="*" roles="" verbs="" />
    <remove users="?" roles="" verbs="" />
    <add accessType="Deny" users="?" />
    <add accessType="Allow" roles="Domain\MyGroup" />
  </authorization>
</security>

Also had to set

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />

And on my class that implements the WCF contract

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]

I guess this means Im using ASP authentication rather than WCF but I works for me

和我恋爱吧 2024-12-24 09:33:36

PrincipalPermission 属性来自 .NET 代码访问安全功能,与 WCF 无关。如果服务托管在 IIS 中,则可以更灵活地执行此操作,此 MSDN 中显示了此操作 WCF 还支持不同的自定义身份验证机制如上所述在这里。

The PrincipalPermission attribute is from the .NET code access security functionality and isn't related to WCF. A more flexible way to do this if the service is hosted in IIS is shown in this MSDN post. WCF also supports different custom authentication mechanisms as described here.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文