从其他WCF服务调用WCF服务时传递Windows凭据
[英]Pass windows credentials when invoke wcf service from other wcf service
问题描述
I have following problem: 
我有以下问题:
I have two WCF Services both using basicHttpBinging defined as: 我有两个WCF服务都使用basicHttpBinging定义为:
<binding name="DefaultBasicBinding" closeTimeout="01:00:00" openTimeout="01:00:00"
receiveTimeout="01:00:00" sendTimeout="01:00:00" maxReceivedMessageSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
</binding>
In web.config i have also that lines: 在web.config中,我也有以下几行:
< authentication mode="Windows"/>
< serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
Then I have silverlight application which invoke ServiceNo1. 然后,我有调用ServiceNo1的silverlight应用程序。 On server side, service method is executed. 在服务器端,执行服务方法。 In her body ServiceNo1 and ServiceNo2 are invoked as client. 在她的身体中,ServiceNo1和ServiceNo2作为客户端被调用。
ServiceNo1 client1 = new ServiceNo1();
client1.ExecuteNextMethod1();
ServiceNo2 client2 = new ServiceNo2();
client2.ExecuteNextMethod2();
And that works perfectly on locahost. 这在locahost上完美运行。 When this is published on dev - problems starts. 当它在dev上发布时-问题开始了。
When service methods are executed in method invoked by silverlight application, exception is thrown: 在Silverlight应用程序调用的方法中执行服务方法时,将引发异常:
Exception type:
System.ServiceModel.Security.MessageSecurityException
Message:
The HTTP request is unauthorized with client authentication scheme 'Negotiate'.
The authentication header received from the server was 'Negotiate,NTLM'.
It's look like windows credentials are not passed. 看来Windows凭据未通过。
Settings which are listed above are also on dev. 上面列出的设置也在开发人员中。 Both servers (localhost & dev) have setted 'Only windows authentication' on IIS. 两个服务器(localhost和dev)都在IIS上设置了“仅Windows身份验证”。
Anybody can't help me? 有人不能帮我吗?
1 个解决方案
解决方案1
0 2011-05-06 11:51:18
What's most likely happening is that on localhost your web-server is running under your credentials. 最有可能发生的是在本地主机上,您的Web服务器正在您的凭据下运行。 On the Dev server, the web-server will be running under a different service account (eg the IIS application pool service for your application). 在开发服务器上,Web服务器将在其他服务帐户下运行(例如,您的应用程序的IIS应用程序池服务)。
You're best solution will be to get the service account your application is running under authorised against the second service. 最好的解决方案是获取针对第二项服务授权运行的服务帐户。
There are alternatives - use your user credentials as the service account in dev (I'm assuming this is not an option in a controlled environment), or impersonate your credentials on the server side (again - this is unlikely to be appropriate in a controlled environment). 还有其他选择-将您的用户凭据用作开发人员中的服务帐户(我假设这不是受控环境中的选项),或者在服务器端模拟您的凭据(再次-这在受控环境中不太可能适用)环境)。
EDIT The best option for you might be to impersonate the user's credentials. 编辑对您来说最好的选择可能是模拟用户的凭据。 See this MSDN article for implementation. 有关实现,请参见此MSDN文章 。 I'm not too familiar with Silverlight but you should be able to do something like: 我对Silverlight不太熟悉,但是您应该可以执行以下操作:
using System.Security.Principal;
------------------------
WindowsImpersonationContext impersonationContext;
impersonationContext =
((.WindowsIdentity)HttpContext.User.Identity).Impersonate();
//Call your service here.
impersonationContext.Undo();
Note that you might encounter the Double-Hop problem, where Windows will not allow you to pass the users credentials from one server to the next - I would read the linked article for background. 请注意,您可能会遇到Double-Hop问题,Windows不允许您将用户凭据从一台服务器传递到另一台服务器-我将阅读链接文章作为背景。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.