
Restricted Remote WCF Service: Windows Authentication Prompt

I want to let remote administrators (with local or domain credentials) control my Windows service via a WCF TCP binding. To do this, I need to authenticate the remote user as an administrator. I can check the principal user/roles, but I don't know how to prompt the remote user for the correct user details/token.

This is related to my previous question on Restricting WCF TCP endpoint to Administrators. Instead of adding [PrincipalPermission(SecurityAction.Demand, Role = "Administrator")] to my restricted service method and catching a SecurityException, it seems I can check for it with:

if (!System.Threading.Thread.CurrentPrincipal.IsInRole("Administrators"))
    return MethodResult.AccessDenied;
// haven't tested if it's the service thread or the remote user yet.

How do I prompt the remote user for Windows authentication if an Access Denied result was returned so I can reinitiate the connection as a different principal?

Of course, the change would need to be effected on the remote user's client application. Perhaps there is a cleaner WCF way to do it?


Edit: Searching for ".net impersonation" led me to this on CodeProject. Haven't had a chance to look, but this may be the way to go.

You need to pass in the user's credentials with your WCF call. Normally the client application just "captures" the currently running user's credentials. Alternatively you can specify a username and password explicitly. So you could prompt the user for an alternative set of credentials if you wish.

Either way, the client app needs to prompt the user. Your WCF call should return an error (code or exception) upon authorization failure and your client should capture that return and display a prompt to the user and retry with the new credentials. WCF by itself cannot handle prompting the user.

Here is an article on various means of passing credentials:
http://blogs.msdn.com/b/sonuarora/archive/2007/04/21/setting-client-credentials.aspx
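
The prompt-and-retry flow described in this answer, as an added example that is not part of the original answer or the asker's project. Assumptions: the IAdminService contract, its Restart operation, the AdminClient helper, the prompt callback (any UI that returns a NetworkCredential, or null on cancel) and the MethodResult definition are hypothetical, and both sides use the default NetTcpBinding (transport security with Windows credentials).

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Security;

public enum MethodResult { Ok, AccessDenied }   // assumed shape of the asker's enum

[ServiceContract]
public interface IAdminService                  // hypothetical contract
{
    [OperationContract] MethodResult Restart();
}

public class AdminService : IAdminService
{
    public MethodResult Restart()
    {
        // Identity that the transport authenticated for this call, i.e. the remote caller.
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        bool isAdmin = new WindowsPrincipal(caller).IsInRole(WindowsBuiltInRole.Administrator);
        return isAdmin ? MethodResult.Ok : MethodResult.AccessDenied;
    }
}

public static class AdminClient
{
    // First attempt runs as the logged-on user; each later attempt asks the
    // prompt callback for another account and reconnects as that principal.
    public static MethodResult CallWithRetry(string address, Func<NetworkCredential> prompt, int maxAttempts)
    {
        NetworkCredential credential = null;    // null = current user's credentials
        for (int attempt = 0; attempt < maxAttempts; attempt++)
        {
            if (attempt > 0 && (credential = prompt()) == null) break;   // user cancelled
            // Credentials are fixed once a factory opens, so build a new one per attempt.
            var factory = new ChannelFactory<IAdminService>(new NetTcpBinding(), new EndpointAddress(address));
            if (credential != null) factory.Credentials.Windows.ClientCredential = credential;
            try
            {
                MethodResult result = factory.CreateChannel().Restart();
                factory.Close();
                if (result != MethodResult.AccessDenied) return result;
            }
            catch (SecurityNegotiationException) { factory.Abort(); }   // credentials rejected by the server
        }
        return MethodResult.AccessDenied;
    }
}
```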

Assuming this is hosted in IIS you need to turn off anonymous authentication in the IIS Manager. This should force the user to log in to the machine using a Windows account. You may also need to enable ASP.NET Impersonation.

Here is how to prompt the user with the standard Windows dialog via P/Invoke: How to show an authentication dialog in C# .NET 3.5 SP1
