WCF windows credentials
My client on server A calls a service on B which calls a service on C.
In order to get the call working from B->C I have to do this:
channel.Credentials.Windows.ClientCredential =
new System.Net.NetworkCredential("WndowsUserName", "WindowsPassWord");
IService1 service = channel.CreateChannel();
etc...
The user name and password are the Windows credentials used from A->B. Of course I do not want to hardcode this, so how can I do this without hardcoding?
I tried, with no luck:
WindowsIdentity callerWindowsIdentity =
ServiceSecurityContext.Current.WindowsIdentity;
using (callerWindowsIdentity.Impersonate())
It seems to be a "double hop" authentication problem. In short, NTLM doesn't allow more than one "hop" with its credentials (token). So the user authenticates on server 1 with its token, and in turn, server 1 tries to send the token to server 2. This won't work, unless Kerberos delegation is allowed between server 1 and 2.
More details here: http://weblogs.asp.net/owscott/archive/2008/08/22/iis-windows-authentication-and-the-double-hop-issue.aspx
And here: http://blogs.msdn.com/nunos/archive/2004/03/12/88468.aspx
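The Kerberos delegation route mentioned in the answer above, sketched in WCF as an added example that is not code from this thread. IServiceB, Relay, GetData, the Hop helper, the host names and the SPNs are hypothetical; it assumes B's service account is trusted for delegation to C's SPN in Active Directory and that the caller's account is not marked as sensitive and non-delegable.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract] public interface IService1 { [OperationContract] string GetData(); } // hosted on C
[ServiceContract] public interface IServiceB { [OperationContract] string Relay(); }   // hosted on B

static class Hop
{
    // Builds a Windows-authenticated net.tcp channel factory. URLs and SPNs are placeholders.
    public static ChannelFactory<T> Create<T>(string url, string spn, TokenImpersonationLevel level)
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        // An SPN identity lets the client request a Kerberos ticket for the target service.
        var address = new EndpointAddress(new Uri(url), EndpointIdentity.CreateSpnIdentity(spn));
        var factory = new ChannelFactory<T>(binding, address);
        factory.Credentials.Windows.AllowedImpersonationLevel = level;
        return factory;
    }
}

public class ServiceB : IServiceB
{
    // Required: the operation body runs as the caller from A, not as B's service account.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string Relay()
    {
        // No ClientCredential is assigned: the impersonated caller's identity is used for C.
        var factory = Hop.Create<IService1>("net.tcp://serverC.example:808/Service1",
            "host/serverC.example", TokenImpersonationLevel.Impersonation);
        try { string result = factory.CreateChannel().GetData(); factory.Close(); return result; }
        catch { factory.Abort(); throw; }
    }
}

public static class ClientOnA
{
    public static string Call()
    {
        // Delegation (not just Impersonation) allows B to carry this identity one hop further.
        var factory = Hop.Create<IServiceB>("net.tcp://serverB.example:808/ServiceB",
            "host/serverB.example", TokenImpersonationLevel.Delegation);
        try { string result = factory.CreateChannel().Relay(); factory.Close(); return result; }
        catch { factory.Abort(); throw; }
    }
}
```

With this arrangement no password is stored on B; if delegation is not configured in the domain, the call from B to C fails authentication instead of silently running as B's service account.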
Perhaps the class
System.Net.CredentialCache
could be helpful... It has the DefaultCredentials and DefaultNetworkCredentials properties that you can use. Of course, you will have to make sure that your application runs under the credentials that you want (that is, the credentials of the current user). This can be done by calling
AppDomain.CurrentDomain.SetPrincipalPolicy (PrincipalPolicy.WindowsPrincipal);
at the start of your program.
Then, when you initialize the WCF service, you can use the DefaultNetworkCredentials provided by the CredentialCache.
channel.Credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
IService1 service = channel.CreateChannel();
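Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.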