WCF Mixed authentication UserName and Windows

It is possible to use 2 types of authentication: Windows and UserName in WCF, using Message security mode and a certificate to authenticate. My UserName authentication cfg/code looks like this:

Server cfg:

<?xml version="1.0"?>
<configuration>
    <system.serviceModel>
        <behaviors>
            <serviceBehaviors>
                <behavior name="ServiceCredentialsBehavior">
                    <serviceCredentials>
                        <serviceCertificate findValue="cn=cool" storeName="TrustedPeople" storeLocation="CurrentUser" />
                        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Util.CustomUserNameValidator, Util" />
                    </serviceCredentials>
                    <serviceMetadata httpGetEnabled="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
        <services>
            <service behaviorConfiguration="ServiceCredentialsBehavior" name="Service">
                <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MessageAndUserName" name="SecuredByTransportEndpoint" contract="IService" />
            </service>
        </services>
        <bindings>
            <wsHttpBinding>
                <binding name="MessageAndUserName">
                    <security mode="Message">
                        <message clientCredentialType="UserName" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client />
    </system.serviceModel>
    <system.web>
        <compilation debug="true" />
    </system.web>
</configuration>

Client cfg:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.serviceModel>
        <behaviors>
            <endpointBehaviors>
                <behavior name="LocalCertValidation">
                    <clientCredentials>
                        <serviceCertificate>
                            <authentication certificateValidationMode="PeerTrust" trustedStoreLocation="CurrentUser" />
                        </serviceCertificate>
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>
        <bindings>
            <wsHttpBinding>
                <binding name="WSHttpBinding_IService">
                    <security mode="Message">
                        <message clientCredentialType="UserName" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://localhost:48097/WCFServer/Service.svc"
                      binding="wsHttpBinding"
                      bindingConfiguration="WSHttpBinding_IService"
                      contract="ServiceReference1.IService"
                      name="WSHttpBinding_IService" behaviorConfiguration="LocalCertValidation">
                <identity>
                    <dns value="cool" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>

What do I need to change so that the server knows the Windows identity that accesses it?

Interesting question. If you really need to have a mix of authentication, you could try having transport set as one authentication type and message as the other. I have no idea if this would work in practice, but it seems reasonable given that you can configure them separately :)

You could see if you can set something similar to the below for your binding to pick up the Windows credentials (wsHttpBinding can handle Windows credentials).

<security mode="Transport">
    <transport clientCredentialType="Whatever your authentication method is" />
    <message clientCredentialType="Windows" />
</security>

If you try it, let me know if it works!

EDIT:

Oh, according to the documentation it is possible to do mixed authentication. You have to set the mode to "Mixed", so the config might look something like this:

<security mode="mixed">
    <transport clientCredentialType="Whatever your authentication method is" />
    <message clientCredentialType="Windows" />
</security>

From the documentation:

Mixed security. Mixed security gives you the best of both worlds: transport security ensures the integrity and confidentiality of the messages, while the user credentials and claims are encapsulated in every message as in message security. This allows you to use a variety of user credentials that are not possible with strict transport security mechanisms, and to leverage transport security's performance.
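
An added example, not part of the original question or answer: in WCF configuration the transport-plus-message-credential combination described in the quoted documentation is spelled `TransportWithMessageCredential`, and one service can expose a UserName endpoint and a Windows endpoint side by side. The endpoint addresses and binding names are assumptions, HTTPS hosting is assumed, and the service, contract and validator names are taken from the question.

```xml
<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceCredentialsBehavior">
          <serviceCredentials>
            <!-- Validator type from the question; only the UserName endpoint uses it -->
            <userNameAuthentication userNamePasswordValidationMode="Custom"
                                    customUserNamePasswordValidatorType="Util.CustomUserNameValidator, Util" />
          </serviceCredentials>
          <!-- Publish metadata over HTTPS only, matching the endpoints below -->
          <serviceMetadata httpsGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service behaviorConfiguration="ServiceCredentialsBehavior" name="Service">
        <!-- Assumed relative addresses: one endpoint per credential type, same contract -->
        <endpoint address="username" binding="wsHttpBinding"
                  bindingConfiguration="TlsAndUserName" contract="IService" />
        <endpoint address="windows" binding="wsHttpBinding"
                  bindingConfiguration="TlsAndWindows" contract="IService" />
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <!-- TLS protects the channel; the credential travels in the SOAP security header -->
        <binding name="TlsAndUserName">
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
        <binding name="TlsAndWindows">
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType="Windows" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
```

For calls arriving on the `windows` endpoint the service code can read the caller from `ServiceSecurityContext.Current.WindowsIdentity`; callers on the `username` endpoint appear through `ServiceSecurityContext.Current.PrimaryIdentity`.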
