從客戶端傳遞到WCF的憑據不在此處

Question

我試圖將Windows憑據傳遞到需要Windows身份驗證的WCF服務中，但似乎我的憑據沒有將其納入服務中。 我的服務沒有引發任何錯誤，但是當我檢查以下兩個2之一時，它們為空。 var user = WindowsIdentity.GetCurrent().User; var callerUserName = ServiceSecurityContext.Current.WindowsIdentity.User;

這是我的客戶端代碼 ServiceReference1.DispatchServiceClient service = new DispatchServiceClient(); service.ClientCredentials.Windows.ClientCredential = ServiceCredentialsManager.GetNetworkCredentials(); service.ClientCredentials.UserName.UserName= ServiceCredentialsManager.GetNetworkCredentials().UserName; service.ClientCredentials.UserName.Password = ServiceCredentialsManager.GetNetworkCredentials().Password; ServiceReference1.DispatchServiceClient service = new DispatchServiceClient(); service.ClientCredentials.Windows.ClientCredential = ServiceCredentialsManager.GetNetworkCredentials(); service.ClientCredentials.UserName.UserName= ServiceCredentialsManager.GetNetworkCredentials().UserName; service.ClientCredentials.UserName.Password = ServiceCredentialsManager.GetNetworkCredentials().Password;

客戶端配置-

 <basicHttpBinding>
    <binding name="BasicHttpsBinding_IDispatchService">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
  <basicHttpsBinding>
    <binding name="basicHttpsBindingMax" maxBufferSize="999999999"
      maxReceivedMessageSize="999999999">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpsBinding>
</bindings>

服務配置-

 <system.serviceModel>
      <bindings>
      <basicHttpBinding>
          <binding name="basicHttpsBinding">
              <security mode="Transport">
                  <transport clientCredentialType="Windows" />
              </security>
          </binding>
      </basicHttpBinding>
  </bindings>
<behaviors>
  <serviceBehaviors>
    <behavior>
      <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<protocolMapping>
  <add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

Answer 1

請注意，為了使用Windows身份驗證，服務和客戶端應用程序必須在同一Windows域中運行。

還請確保您在客戶端中分配的值不為空。 通常，使用Windows身份驗證時無法從代碼訪問密碼。

如果使用Windows身份驗證對服務客戶端進行了身份驗證，則您可能不應該手動將憑據傳遞給服務。 身份驗證過程應由WCF自動處理，而不是僅依賴於發送憑據，而是例如可以使用Kerberos票證。

請在此處查看有關客戶端和服務的一些描述和代碼示例：

• https://msdn.microsoft.com/en-us/library/ms734673%28v=vs.110%29.aspx
• https://msdn.microsoft.com/en-us/library/ms733089%28v=vs.110%29.aspx

更新

經過一些研究，我發現有幾個來源表明，在客戶端代碼中適當設置憑據可能使WCF能夠從域外部進行身份驗證：

• https://devdump.wordpress.com/2009/04/29/wcf-windows-authentication-and-external-users/
• http://subbusspace.blogspot.com/2009/10/accessing-wshttp-wcf-service-from.html

這些文章中建議的代碼示例與您在問題中發布的代碼示例相似，但略有不同。 我尚未測試這些方法，它們可能無法在所有情況下都有效。