
Pass Windows credentials when invoking a WCF service from another WCF service

I have the following problem:

I have two WCF services, both using basicHttpBinding defined as:

    <binding name="DefaultBasicBinding" closeTimeout="01:00:00" openTimeout="01:00:00"
      receiveTimeout="01:00:00" sendTimeout="01:00:00" maxReceivedMessageSize="2147483647">
      <readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows"/>
      </security>
    </binding>

In web.config I also have these lines:

    <authentication mode="Windows"/>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

Then I have a Silverlight application which invokes ServiceNo1. On the server side, the service method is executed. In its body ServiceNo1 and ServiceNo2 are invoked as clients:

    // Inside the ServiceNo1 operation body: call both services through their client proxies
    ServiceNo1 client1 = new ServiceNo1();
    client1.ExecuteNextMethod1();

    ServiceNo2 client2 = new ServiceNo2();
    client2.ExecuteNextMethod2();

And that works perfectly on localhost. When this is published on dev, the problems start.

When the service methods are executed in the method invoked by the Silverlight application, an exception is thrown:

Exception type: 
System.ServiceModel.Security.MessageSecurityException  

Message: 
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. 
The authentication header received from the server was 'Negotiate,NTLM'. 

It looks like the Windows credentials are not passed.

The settings listed above are also on dev. Both servers (localhost & dev) have 'Only Windows authentication' set in IIS.

Can anybody help me?

What's most likely happening is that on localhost your web server is running under your credentials. On the dev server, the web server will be running under a different service account (e.g. the IIS application pool service account for your application).

Your best solution will be to get the service account your application is running under authorised against the second service.

There are alternatives - use your user credentials as the service account in dev (I'm assuming this is not an option in a controlled environment), or impersonate your credentials on the server side (again - this is unlikely to be appropriate in a controlled environment).

EDIT: The best option for you might be to impersonate the user's credentials. See this MSDN article for the implementation. I'm not too familiar with Silverlight but you should be able to do something like:

    using System.Security.Principal;
    using System.Web;

    // Impersonate the authenticated Windows caller for the duration of the downstream call.
    // With aspNetCompatibilityEnabled="true", HttpContext.Current is available inside the operation.
    WindowsImpersonationContext impersonationContext =
        ((WindowsIdentity)HttpContext.Current.User.Identity).Impersonate();
    try
    {
        //Call your service here.
    }
    finally
    {
        // Always revert, even if the call throws, so later code on this thread
        // does not keep running as the caller.
        impersonationContext.Undo();
    }

Note that you might encounter the Double-Hop problem, where Windows will not allow you to pass the user's credentials from one server to the next - I would read the linked article for background.
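As an added example (not code from the original question or answer), here is how the two routes described in the answer look side by side inside the ServiceNo1 operation: calling ServiceNo2 as the app-pool service account, and calling it as the impersonated caller with the impersonation scoped so it is always reverted. Assumptions: the service contract is named IServiceNo1, the generated proxy for the second service is ServiceNo2Client with an ExecuteNextMethod2() operation, its endpoint uses the DefaultBasicBinding from the question (TransportCredentialOnly + Windows), and the host runs with aspNetCompatibilityEnabled="true".

```csharp
// Added example, not code from the original question or answer.
// Assumed names: IServiceNo1 (contract), ServiceNo2Client (generated proxy),
// ExecuteNextMethod2() (downstream operation).
using System;
using System.Security;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.Web;

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class ServiceNo1 : IServiceNo1
{
    // Route 1: call ServiceNo2 as the process identity (the app-pool service account).
    // Nothing about the caller is forwarded; that account itself must be authorised on ServiceNo2.
    public void ExecuteNextMethod1()
    {
        CallServiceNo2(null);
    }

    // Route 2: call ServiceNo2 as the authenticated Windows caller.
    public void ExecuteNextMethod1AsCaller()
    {
        WindowsIdentity caller = GetWindowsCaller();
        if (caller == null || !caller.IsAuthenticated)
        {
            throw new SecurityException("No authenticated Windows caller to impersonate.");
        }

        // An Identification-level token can be inspected but not used for a network hop;
        // the call to ServiceNo2 needs at least Impersonation, and Delegation for Kerberos.
        if (caller.ImpersonationLevel == TokenImpersonationLevel.Identification)
        {
            throw new SecurityException("Caller token cannot be used for a second hop.");
        }

        CallServiceNo2(caller);
    }

    private static WindowsIdentity GetWindowsCaller()
    {
        // Prefer the WCF security context; fall back to HttpContext (ASP.NET compatibility mode).
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx != null && ctx.WindowsIdentity != null)
        {
            return ctx.WindowsIdentity;
        }
        HttpContext http = HttpContext.Current;
        return http != null ? http.User.Identity as WindowsIdentity : null;
    }

    private static void CallServiceNo2(WindowsIdentity impersonate)
    {
        // Scoping the impersonation with 'using' reverts it even when the call throws;
        // a leaked context would run later code on this thread as the caller.
        // 'using (null)' is legal and simply impersonates nobody (Route 1).
        using (impersonate != null ? impersonate.Impersonate() : null)
        {
            ServiceNo2Client client2 = new ServiceNo2Client();
            try
            {
                // Allow the current Windows token to be delegated to ServiceNo2. This only
                // has an effect with Kerberos; an NTLM token cannot be forwarded at all.
                client2.ClientCredentials.Windows.AllowedImpersonationLevel =
                    TokenImpersonationLevel.Delegation;
                client2.ExecuteNextMethod2();
                client2.Close();
            }
            catch (CommunicationException)
            {
                client2.Abort(); // Close() would throw again on a faulted channel
                throw;
            }
            catch (TimeoutException)
            {
                client2.Abort();
                throw;
            }
        }
    }
}
```

Two practical notes on Route 2. WCF also offers a declarative form of the same thing, `[OperationBehavior(Impersonation = ImpersonationOption.Required)]` on the operation (or `<serviceAuthorization impersonateCallerForAllOperations="true"/>` in config), which impersonates the caller for the whole operation rather than just the downstream call. Either way, the second hop only succeeds if the caller's token is delegatable, which in practice means Kerberos: the app-pool account needs a registered SPN and must be trusted for delegation in Active Directory. Without that, Negotiate falls back to NTLM, which is exactly what the `'Negotiate,NTLM'` header in the question's error suggests, and an NTLM token cannot be forwarded to ServiceNo2, so Route 1 (authorising the service account) is the simpler and more predictable fix.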
