
WCF - Get Current User Identity

I have a Silverlight application that sends calls to a server. The server uses a WCF service to perform the call. I want to be able to check in the 'AfterReceiveRequest' function whether the user who performs the call is the one I expected. If not, I want to abort the operation.

The problem is that I can't get the IIS user name properly. I tried these properties:

    OperationContext.Current.ServiceSecurityContext.WindowsIdentity.Name

And

    OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name

They give me the right user name only when I run the application from Visual Studio, and not on the Application Pool. When I run the application on the Application pool I get in both these parameters the value: IIS APPPOOL\\MyApplicationPool.

The client and server are on the same machine, so this doesn't seem like a double-hop.

Can anyone help? I need this to work in both Windows and Basic authentication.

These identity values come from the authentication method that is used for WCF. You should post your WCF server-side and client-side configs. To enable Windows Authentication, which uses encrypted handshaking based on Windows authentication, please follow this article with an example:

https://docs.microsoft.com/en-us/dotnet/framework/wcf/how-to-secure-a-service-with-windows-credentials

Once you have this working, you will be able to see the Windows identity here:

    ServiceSecurityContext.Current.PrimaryIdentity

The key is to turn the security mode on at the binding level on the server side.

In code:

    var myBinding = new WSHttpBinding();
    myBinding.Security.Mode = SecurityMode.Message;

In config:

    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpBinding_Calculator">
          <security mode="Message">
            <message clientCredentialType="Windows"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

I don't think the clientCredentialType="Windows" is even necessary because, if it is not specified, you can still get the Windows user identity anyway.

In response to your points about VS vs. IIS - this shouldn't be an issue. What I'd say is going on there is that the IIS service somehow doesn't have access to the Active Directory domain. This could be a permissions issue. But, by default, IIS should work in the same way as Visual Studio, as Visual Studio just uses IIS Express. If IIS is configured with the same username as IIS Express, it should have access to authenticate over the domain in the same way. Note: ServiceSecurityContext.Current.PrimaryIdentity is not the IIS username. It is the Windows username.
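
An added example, not code from the question or the answer: a dispatch message inspector that reads ServiceSecurityContext.Current.PrimaryIdentity in AfterReceiveRequest and rejects the call when the caller is unauthenticated or is not the expected account. The class names and the expected-user parameter are hypothetical, and the sample account name in the comment is constructed.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Security;

// Hypothetical inspector: rejects any call whose authenticated caller is not the expected account.
public sealed class ExpectedCallerInspector : IDispatchMessageInspector
{
    private readonly string _expectedUser; // e.g. "CONTOSO\\alice" (constructed value)

    public ExpectedCallerInspector(string expectedUser) { _expectedUser = expectedUser; }

    public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        // A null or anonymous context means the binding did not authenticate the caller
        // (for example, security mode is not enabled on the binding). Fail closed.
        if (ctx == null || ctx.IsAnonymous)
            throw new SecurityAccessDeniedException("Caller is not authenticated.");

        string caller = ctx.PrimaryIdentity.Name;
        if (!string.Equals(caller, _expectedUser, StringComparison.OrdinalIgnoreCase))
            throw new SecurityAccessDeniedException("Caller is not authorized.");

        return null; // no correlation state needed
    }

    public void BeforeSendReply(ref Message reply, object correlationState) { }
}

// Hypothetical endpoint behavior that attaches the inspector to the service endpoint.
public sealed class ExpectedCallerBehavior : IEndpointBehavior
{
    private readonly string _expectedUser;

    public ExpectedCallerBehavior(string expectedUser) { _expectedUser = expectedUser; }

    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
    {
        endpointDispatcher.DispatchRuntime.MessageInspectors.Add(new ExpectedCallerInspector(_expectedUser));
    }

    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters) { }
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```

Throwing from AfterReceiveRequest stops the operation from being invoked and returns a fault to the client, so the check runs before any service code executes.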
