受限的远程WCF服务:Windows身份验证提示
[英]Restricted Remote WCF Service: Windows Authentication Prompt
问题描述
I want to let remote administrators (with local or domain credentials) control my Windows service via a WCF TCP binding. 
我想让远程管理员(具有本地或域凭据)通过WCF TCP绑定控制我的Windows服务。 To do this, I need to authenticate the remote user as an administrator. 为此,我需要将远程用户认证为管理员。 I can check the principal user/roles, but I don't know how to prompt the remote user for the correct user details/token. 我可以检查主要用户/角色,但是不知道如何提示远程用户正确的用户详细信息/令牌。
This is related to my previous question on Restricting WCF TCP endpoint to Administrators . 这与我先前有关将WCF TCP端点限制为管理员的问题有关。 Instead of adding [PrincipalPermission(SecurityAction.Demand, Role = "Administrator")] to my restricted service method and catching a SecurityException , it seems I can check for it with: 与其将[PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]到我的受限服务方法中并捕获一个SecurityException ,似乎我可以使用以下方法进行检查:
if (!System.Threading.Thread.CurrentPrincipal.IsInRole("Administrators"))
return MethodResult.AccessDenied;
// haven't tested if it's the service thread or the remote user yet.
How do I prompt the remote user for Windows authentication if a Access Denied result was returned so I can reinitiate the connection as a different principal? 如果返回了“拒绝访问”结果,如何提示远程用户进行Windows身份验证,以便我可以使用其他主体重新启动连接?
Of course, the change would need to be effected on the remote user's client application. 当然,需要在远程用户的客户端应用程序上进行更改。 Perhaps there is a cleaner WCF way to do it? 也许有一种更清洁的WCF方式可以做到这一点?
Edit: Searching for ".net impersonation" led me to this on CodeProject. 编辑:搜索“.NET冒充”导致我这个 CodeProject上。 Haven't had a chance to look, but this may be the way to go. 还没来得及看的机会,但这也许是要走的路。
3 个解决方案
解决方案1
1 已采纳 2010-12-10 12:56:46
You need to pass in the user's credentials with your WCF call. 您需要通过WCF调用传递用户的凭据。 Normally the client application just "captures" the currently running user's credentials. 通常,客户端应用程序只是“捕获”当前正在运行的用户的凭据。 Alternatively you can specify a username and password explicitly. 或者,您可以显式指定用户名和密码。 So you could prompt the user for an alternative set of credentials if you wish. 因此,您可以根据需要提示用户输入另一组凭据。
Either way, the client app needs to prompt the user. 无论哪种方式,客户端应用都需要提示用户。 Your WCF call should return an error (code or exception) upon authorization failure and your client should capture that return and display a prompt to the user and retry with the new credentials. 授权失败后,您的WCF调用应返回错误(代码或异常),并且客户端应捕获该返回并向用户显示提示,并使用新凭据重试。 WCF by itself cannot handle prompting the user. WCF本身无法处理提示用户。
Here is an article on various means of passing credentials: 这是有关传递凭据的各种方法的文章:
http://blogs.msdn.com/b/sonuarora/archive/2007/04/21/setting-client-credentials.aspx http://blogs.msdn.com/b/sonuarora/archive/2007/04/21/setting-client-credentials.aspx
解决方案2
0 2010-12-10 12:29:01
Assuming this is hosted in IIS you need to turn off anonymouse authentication in the IIS Manager. 假设它托管在IIS中,则需要在IIS管理器中关闭匿名身份验证。 This should force the user to login to the machine using a Windows account. 这将强制用户使用Windows帐户登录到计算机。 You may also need to enable ASP.NET Impersonation. 您可能还需要启用ASP.NET模拟。
解决方案3
0 2010-12-10 14:39:51
这是通过pInvoke使用标准Windows对话框提示用户的方法如何在C#.Net 3.5 SP1中显示身份验证对话框
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.