WCF / basicHttp和NTLM身份验证
[英]WCF/basicHttp and NTLM authentication
问题描述
Does anyone know how exactly NTLM authentication works in WCF/basicHttp? 
有谁知道NTLM身份验证在WCF / basicHttp中如何工作? I wonder if user credentials are passed for every single service method call, or if some kind of security token is being used for subsequent service method calls. 我想知道是否为每个服务方法调用传递了用户凭据,或者是否将某种安全令牌用于后续服务方法调用。
The exact binding configuration that I am using: 我正在使用的确切绑定配置:
<bindings>
<basicHttpBinding>
<binding name="winAuthBasicHttpBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" />
</security>
</binding>
</basicHttpBinding>
</bindings>
I found this type of configuration on the MSDN reference. 我在MSDN参考上发现了这种类型的配置。 But I am not sure if this a good idea performance wise. 但是我不确定这是否是一个好主意。 An alternative would be providing a custom GetAuthenticationToken() kind of method to provide a security token for all subsequent requests of the client. 一种替代方法是提供一种自定义的GetAuthenticationToken()方法,以为客户端的所有后续请求提供安全令牌。 This could be done via the Enterprise Library - Security Application Block. 这可以通过企业库-安全应用程序块来完成。
Further details: The service is being consumed by Browsers/Silverlight Clients. 更多详细信息:浏览器/ Silverlight客户端正在使用该服务。
1 个解决方案
解决方案1
1 已采纳 2009-05-10 20:15:49
In this case here, every single method call will be authenticated. 在这种情况下,将对每个方法调用进行身份验证。
What you're talking about would be what is called "secure sessions", where the client authenticates once against the server and then a common token is used for subsequent exchanges. 您所说的是所谓的“安全会话”,其中客户端针对服务器进行一次身份验证,然后使用通用令牌进行后续交换。 That secure sessions features however is only available with wsHttpBinding - not with basicHttpBinding. 但是,该安全会话功能仅适用于wsHttpBinding-不适用于basicHttpBinding。
Marc 渣
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.