stackoom
  简体   繁体   中英

WCF Service Authentication + Sitecore

 原文  2014-10-29 09:55:16       asp.net/ wcf/ authentication/ sitecore

Question

We are currently implementing WCF services in Sitecore to execute certain tasks. However we want to secure and authenticate these interactions to keep the Sitecore security model intact.

We use following configuration for the authentication (only relevant config and anonymised): 

<service name="Services.MailService" behaviorConfiguration="serviceBehavior">
    <endpoint address="" binding="wsHttpBinding" contract="Interfaces.IMailService"/>
</service>
<behavior name="serviceBehavior">
    <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Services.Authentication.CustomServiceAuthentication, MyLibrary" />
    </serviceCredentials>
</behavior>
<wsHttpBinding>
    <binding>
        <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName" />
            <transport clientCredentialType="None">
            </transport>
        </security>
    </binding>
</wsHttpBinding>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true"/>

The custom validator inherits from UserNamePasswordValidator and logs the user in using the standard Sitecore.Security.Authentication.AuthenticationManager.Login() method. On this exact moment the user is indeed logged in and appears as Sitecore.Context.User. But when arriving in the WCF method itself this authentication is gone. (resulting in access exceptions from Sitecore as anonymous user does not have add item rights)

After a few tests and studying the interactions I noticed that the issue would be that WCF uses multiple messages and thus multiple HttpContext are being used. The cookies and login are not being retained between the requests. Looking deeper I noticed that the System.ServiceModel.ServiceSecurityContext.Current does retain the security login however it only shows up once entering the WCF method (ea it's not possible to use this in the Sitecore httpBeginRequest pipeline to identify and login the user at the UserResolver)

How can I ensure both asp.net and wcf are properly authenticated throughout the call?

1 answers

solution1
 1 ACCPTED  2015-08-13 09:44:53

In the end we ended up resolving this by including the following in the constructor of the service since our InstanceContextMode was set to PerCall: 

// Handle login for Sitecore to sync with the WCF security context
if (ServiceSecurityContext.Current != null)
{
    AuthenticationManager.Login(
    string.Format("{0}\\{1}", "yoursitecoredomain", ServiceSecurityContext.Current.PrimaryIdentity.Name));
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question WCF service authentication fails Authentication Service using WCF AJAX Request to WCF Service Authentication WCF Authentication Service with SSL encryption Security setting for WCF service requires anonymous authentication ASP.NET Membership Authentication in WCF service Login and authentication system in a service (wcf) based application Authentication mode=“Forms” causing redirect in WCF service Consuming WCF service from jquery with WIF authentication Use WCF Service with basic authentication user
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM