WCF-获取当前用户身份
[英]WCF - Get Current User Identity
问题描述
I have a silverlight application that send calls to a server. 
我有一个将呼叫发送到服务器的Silverlight应用程序。 The server use WCF service to perform the call. 服务器使用WCF服务执行呼叫。 I want to be able to check on the 'AfterReceiveRequest' function if the user who performs the call is the one I expected. 我希望能够检查“ AfterReceiveRequest”功能是否执行呼叫的用户是我期望的用户。 if not - I want to abort the operation. 如果不是-我想中止该操作。
The problem is - I can't get the IIS user name properly. 问题是-我无法正确获取IIS用户名。 I tried this properties: 我尝试了以下属性:
OperationContext.Current.ServiceSecurityContext.WindowsIdentity.Name
And 和
OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name
They give me the right user name only when I run the application from Visual Studio, and not on the Application Pool. 仅当我从Visual Studio运行应用程序时,它们才给我正确的用户名,而不是在应用程序池中。 When I run the application on the Application pool I get in both these parameters the value: IIS APPPOOL\\MyApplicationPool. 当我在“应用程序池”上运行该应用程序时,我同时获得了两个参数的值:IIS APPPOOL \\ MyApplicationPool。
The Client and Server are on the same machine, so this doesn't seems like a double-hop. 客户端和服务器在同一台计算机上,因此这似乎不像是一跳。
Can anyone help? 有人可以帮忙吗? I need this to work in both Windows and Basic authentication. 我需要在Windows和Basic身份验证中都可以使用。
1 个解决方案
解决方案1
0 2018-11-14 22:08:29
These identity values come from the authentication method that is used for WCF. 这些身份值来自用于WCF的身份验证方法。 You should post your WCF server side and client side configs. 您应该发布WCF服务器端和客户端配置。 To enable Windows Authentication which uses encrypted hand shaking based on Windows authentication, please follow this article with an example: 要启用Windows身份验证,该方法使用基于Windows身份验证的加密握手功能,请按照以下示例操作:
https://docs.microsoft.com/en-us/dotnet/framework/wcf/how-to-secure-a-service-with-windows-credentials https://docs.microsoft.com/zh-cn/dotnet/framework/wcf/how-to-secure-a-service-with-windows-credentials
Once you have this working, you will be able to see the Windows identity here: 完成这项工作后,您将可以在此处查看Windows身份:
ServiceSecurityContext.Current.PrimaryIdentity
The key is to turn the security mode on at the binding level on the server side. 关键是在服务器端的绑定级别上打开安全模式。
In code: 在代码中:
var myBinding = new WSHttpBinding();
myBinding.Security.Mode = SecurityMode.Message;
In config: 在配置中:
<bindings>
<wsHttpBinding>
<binding name = "wsHttpBinding_Calculator">
<security mode="Message">
<message clientCredentialType="Windows"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
I don't think the clientCredentialType="Windows" is even necessary because if it is not specified, you can still get the windows user identity anyway. 我认为clientCredentialType =“ Windows”甚至不是必需的,因为如果未指定它,您仍然仍然可以获取Windows用户身份。
In response to your points about VS vs. IIS - this shouldn't be an issue. 回应您关于VS vs. IIS的观点-这不应该成为问题。 What I'd say is going on there is that the IIS service somehow doesn't access to the Active Directory domain. 我要说的是,IIS服务以某种方式无法访问Active Directory域。 This could be a permissions issue. 这可能是权限问题。 But, by default IIS should work in the same way as Visual Studio as Visual Studio just uses IIS Express. 但是,默认情况下,IIS应该以与Visual Studio相同的方式工作,因为Visual Studio仅使用IIS Express。 If IIS is configured with the same username as IIS Express, it should have access to authenticate over the domain in the same way. 如果IIS使用与IIS Express相同的用户名配置,则它应该有权以相同的方式通过域进行身份验证。 Note: ServiceSecurityContext.Current.PrimaryIdentity is not the IIS username. 注意:ServiceSecurityContext.Current.PrimaryIdentity不是IIS用户名。 It is the Windows username. 这是Windows用户名。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.