Can the IIS network-user account call a WCF service running under a different account?

I'm currently looking into using WCF to communicate between a server and a program that acts as a facade for a legacy system.

Quick overview: user <-> ASP.NET web pages <-> WCF <-> facade program <-> legacy system

I don't want to run IIS with the rights required to run the facade program, so I was thinking about using WCF to communicate between the two pieces of software.

Is this possible? Should I be using something other than WCF to communicate between the two .NET projects?

I don't see any immediate issues with this approach - WCF is generally the best choice for inter-process / inter-machine communication in .NET due to the vast array of options it supports via configuration.

In terms of authenticating IIS -> WCF service, you could just start with default Windows authentication provided by the WCF client proxy. IIS will connect to the WCF service using Network Service credentials, which should authenticate automatically on the same machine.

If you are hosting the WCF service on a different machine, you will need to map the Network Service account on the IIS machine to the machine where the service is hosted using the computer account name, which is in the form DOMAIN\COMPUTERNAME$.

Alternatively, you can initialize your own NetworkCredentials instance on the client proxy for a specific domain account. This is less secure as you have to include the password in your code, but it tends to be easier to use in practice.

The WCF service host process can run using a different process identity, and use that process identity for executing downstream components.
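The setup described in the answer above, as an added example that is not code from the question or any answer: a self-hosted facade service that requires Windows authentication on the transport, admits only the web tier's account, and does its work under its own process identity. The contract `ILegacyFacade`, the endpoint address, and the `EXAMPLE\WEBSRV01$` machine account are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.ServiceModel;
[ServiceContract]
public interface ILegacyFacade  // hypothetical contract for the facade program
{
    [OperationContract] string Query(string request);
}
public class LegacyFacade : ILegacyFacade
{
    // Assumed allow list: the web tier as the service sees it. Same machine:
    // NETWORK SERVICE; remote IIS machine: its computer account (placeholder name).
    public static readonly HashSet<string> AllowedCallers = new HashSet<string>(
        StringComparer.OrdinalIgnoreCase) { @"NT AUTHORITY\NETWORK SERVICE", @"EXAMPLE\WEBSRV01$" };

    public string Query(string request)
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        if (!AllowedCallers.Contains(caller.Name))
            throw new FaultException("Caller is not authorized for this service.");
        // No impersonation: work below runs as the host process identity, not the caller.
        return "caller=" + caller.Name + " host=" + WindowsIdentity.GetCurrent().Name;
    }
}

public static class Program
{
    static NetTcpBinding WindowsBinding()
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        return binding;
    }

    public static void Main()
    {
        const string address = "net.tcp://localhost:9000/facade"; // constructed endpoint
        LegacyFacade.AllowedCallers.Add(WindowsIdentity.GetCurrent().Name); // demo only: client is this process
        using (var host = new ServiceHost(typeof(LegacyFacade)))
        {
            host.AddServiceEndpoint(typeof(ILegacyFacade), WindowsBinding(), address);
            host.Open();
            // Client side (the ASP.NET app): no credentials set, so the process identity is sent.
            var factory = new ChannelFactory<ILegacyFacade>(WindowsBinding(), new EndpointAddress(address));
            Console.WriteLine(factory.CreateChannel().Query("ping"));
            factory.Close();
        }
    }
}
```

In a real deployment the host runs as its own process under the account permitted to reach the legacy system, and the demo-only line that adds the current user to the allow list is removed.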

I would do a socket connection. The frontend listens on a port, the .NET web page connects to it and trades data... no worries about user level at all.

The account doesn't matter at all.
