
WCF Web Services - Multiple Hop impersonation on the same server

I have 3 web services, all located on the same server.

My Client calls Service A, which impersonates the client to call Service B, and all is well.

Now, I want to impersonate the caller of service B (which is my username) to call Service C. When I use the same technique as before (AllowedImpersonationLevel = Impersonate, user.Impersonate()), the user doesn't get passed to service C. Instead, Service C sees the user as the user I am running it under in IIS (which is a UPN, not the standard NETWORK SERVICE account).

Is there anything special I need to do to get this working? Is this a delegation issue? (I thought it would not be delegation because they are all on the same server)

Thanks SO!

You can try turning on ASP.Net Compatibility on Service C

In Web.config

<system.web>
   <identity impersonate="true"/>
   <authentication mode="Windows"/>
</system.web>
<system.serviceModel>
   <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>

In your service class

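using System.ServiceModel.Activation; // namespace of AspNetCompatibilityRequirements

// Allowed: the service runs with or without ASP.NET compatibility mode enabled
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class Service : IService
{
    public string ExecuteRequest(string xmlRequest)
    {
        IRequestManager requestManager = new RequestManager();
        return requestManager.ProcessRequest(xmlRequest);
    }
}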

I would have expected to have to use delegation since you are crossing process boundaries twice. Have you tried TokenImpersonationLevel.Delegation?

You require delegation in this scenario. The configuration you require is ImpersonationLevel.Delegation (set in config or code). Have a look at the WCF Security Guidance on CodePlex; it is a very good source. Be careful, as achieving delegation, particularly in a production environment, requires more than simply selecting the correct option in the config file. You need to ensure that the application you connect to, e.g. SQL Server, is configured for delegation, and that certain infrastructure requirements are met within Active Directory and the like, such as service principal names (SPN).
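
The following is an added example, not code from the question or from any of the answers. It follows the advice in the last two answers: Service B checks which impersonation level the caller's token actually carries before the onward hop, refuses the call if it is not Delegation, and requests Delegation on its own channel to Service C. The contracts, the WSHttpBinding and the Service C address are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical contracts; the page does not show the real ones.
[ServiceContract]
public interface IServiceC { [OperationContract] string WhoAmI(); }

[ServiceContract]
public interface IServiceB { [OperationContract] string CallC(); }

public class ServiceC : IServiceC
{
    // Returns the identity Service C sees, so the result of the hop is visible.
    public string WhoAmI()
    {
        return ServiceSecurityContext.Current.WindowsIdentity.Name;
    }
}

public class ServiceB : IServiceB
{
    // Assumed placeholder address for Service C.
    private const string ServiceCUrl = "http://localhost/ServiceC/Service.svc";

    public string CallC()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
            throw new FaultException("No authenticated Windows caller.");

        WindowsIdentity caller = ctx.WindowsIdentity;
        // The token is only as strong as the previous hop (Service A) allowed.
        // Refuse the onward call instead of letting Service C see another identity.
        if (caller.ImpersonationLevel != TokenImpersonationLevel.Delegation)
            throw new FaultException("Caller token level is " + caller.ImpersonationLevel +
                                     "; Delegation is needed for the next hop.");

        using (caller.Impersonate()) // reverted when the using block ends
        {
            var factory = new ChannelFactory<IServiceC>(
                new WSHttpBinding(), new EndpointAddress(ServiceCUrl));
            // Let Service C receive a token it can itself use for a further hop.
            factory.Credentials.Windows.AllowedImpersonationLevel =
                TokenImpersonationLevel.Delegation;
            try { string name = factory.CreateChannel().WhoAmI(); factory.Close(); return name; }
            catch { factory.Abort(); throw; }
        }
    }
}
```

If the fault reports Impersonation rather than Delegation, the setting to change is on the previous hop (Service A's client credentials), together with the Active Directory delegation and SPN configuration the last answer mentions.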
