Windows Authentication, Custom permissions, WCF, Active Directory
Question
I have a client/server project, communicating with WCF (Named Pipes for now, but that can change - but I cannot use IIS). This project is integrated with Active Directory.
This program is designed to give users permissions that normally don't have permissions, by acting as a sort of proxy. The user uses the client to "request" a task to be performed. The server then performs the task for the client, as long as certain criteria are met.
One of these criteria is that the user is allowed to request this task. I need a way for my WCF service to guarantee the identity of the user, compare it to a database, and either perform the task, or deny the task.
How would I use Windows Authentication to guarantee 100% that the user is who they say they are?
Thanks in advance,
Mike
2 answers
solution1
0 2009-07-23 01:20:17
The only allowed type of authentication for Named Pipes is Windows Authentication (scroll down to netNamedPipeBinding). You can do the impersonation declareatively for example ...
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public string GetData(int value)
{
return string.Format("Hi, {0}, you have entered: {1}",
WindowsIdentity.GetCurrent().Name, value);
}
Once you have the identity, you know that Windows has properly authenticated this user and you can check that identity against what you have in your DB.
solution2
0 2009-07-23 01:40:18
You can create a custom ServiceAuthorizationManager and implement the validation against your user db in CheckAccessCore .
See How to: Create a Custom Authorization Manager for a Service .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.