[英]How to configure Windows authentication for custom binding in WCF service?
I need to use Windows authentication in my application along with claim-based authorization using Windows Identity Foundation. 我需要在我的应用程序中使用Windows身份验证以及使用Windows Identity Foundation的基于声明的授权。 I have used following configuration for my service.
我已经为服务使用了以下配置。
<system.identityModel>
<identityConfiguration>
<claimsAuthorizationManager type="Framework.Authorization.AuthorizationManager, ClaimsAuthorizationService"/>
</identityConfiguration>
</system.identityModel>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomTcpBinding" maxConnections="50" openTimeout="01:20:00" receiveTimeout="20.00:00:00" sendTimeout="00:05:00" closeTimeout="01:20:00">
<security authenticationMode="Kerberos" />
<reliableSession/>
<windowsStreamSecurity protectionLevel="None"/>
<tcpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<services>
<service behaviorConfiguration="Framework.Authorization.DummyRebServiceBehavior" name="Framework.Authorization.DummyRebService">
<endpoint address="IDummyRebService"
binding="customBinding" bindingConfiguration="CustomTcpBinding"
contract="Framework.Authorization.IDummyRebService"
name="IDummyRebService"/>
<endpoint address="mex"
binding="mexTcpBinding"
contract="IMetadataExchange"/>
<host>
<timeouts closeTimeout="00:00:01"/>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8234//DummyRebService"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Framework.Authorization.DummyRebServiceBehavior">
<serviceCredentials useIdentityConfiguration="true" />
<serviceAuthorization principalPermissionMode="Always" />
<serviceMetadata httpGetEnabled="True"/>
<dataContractSerializer maxItemsInObjectGraph="1000000000"/>
<serviceDebug includeExceptionDetailInFaults="True"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I encounter some or other problem as I am working by trial and error but can't find a sure shot solution. 我在尝试和尝试时遇到一些或其他问题,但是找不到确定的解决方案。 Currently the service fails to start because of "Contract required two way, but binding doesn't support..." error.
当前,由于“需要合同两种方式,但绑定不支持...”错误,该服务无法启动。 Apart from that previously I was getting userName (authorizationContext.Principal.Identity.Name) as null in the CheckAccess method of AuthorizationManager (derived from ClaimsAuthorizationManager) whenever I try to add the service in WCF Test Client.
除此之外,每当尝试在WCF测试客户端中添加服务时,我都会在AuthorizationManager的CheckAccess方法(派生于ClaimsAuthorizationManager)中将userName(authorizationContext.Principal.Identity.Name)设置为null。
Basically I need to configure service such that the WCF service gets Windows Principal when-ever it gets call from client. 基本上,我需要配置服务,以便WCF服务在每次从客户端调用时都获得Windows Principal。
Any help would be appreciated. 任何帮助,将不胜感激。 I can provide more details if needed.
如果需要,我可以提供更多详细信息。
After much trial and error, the following configuration has worked for me. 经过多次尝试和错误,以下配置对我有用。
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</configSections>
<system.identityModel>
<identityConfiguration>
<claimsAuthenticationManager type = "Framework.Services.Security.PrincipalTransformer, ClaimsAuthorizationService"/>
<claimsAuthorizationManager type="Framework.Services.Security.AuthorizationManager, ClaimsAuthorizationService"/>
</identityConfiguration>
</system.identityModel>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomTcpBinding" closeTimeout="01:20:00" openTimeout="00:00:30"
receiveTimeout="20.00:00:00" sendTimeout="00:05:00">
<reliableSession />
<windowsStreamSecurity protectionLevel="None" />
<tcpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<services>
<service behaviorConfiguration="Framework.Authorization.DummyRebServiceBehavior" name="Framework.Authorization.DummyRebService">
<endpoint address="IDummyRebService"
binding="customBinding" bindingConfiguration="CustomTcpBinding"
contract="Framework.Authorization.IDummyRebService"
name="IDummyRebService"/>
<endpoint address="mex"
binding="mexTcpBinding"
contract="IMetadataExchange"/>
<host>
<timeouts closeTimeout="00:00:01"/>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8234//DummyRebService"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Framework.Authorization.DummyRebServiceBehavior">
<serviceSecurityAudit auditLogLocation="Application" messageAuthenticationAuditLevel="SuccessOrFailure" serviceAuthorizationAuditLevel="SuccessOrFailure" suppressAuditFailure="True"/>
<serviceCredentials useIdentityConfiguration="true"/>
<serviceAuthorization principalPermissionMode="Always"/>
<serviceMetadata httpGetEnabled="False"/>
<dataContractSerializer maxItemsInObjectGraph="1000000000"/>
<serviceDebug includeExceptionDetailInFaults="True"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
</startup>
</configuration>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.