1. 首頁
  2. 問答
  3. 使用WCF和自我託管的Windows身份驗證

使用WCF和自我託管的Windows身份驗證

2010-03-11 57 views
3

我開發了一個非常簡單的主機和客戶端,我想用它來測試WCF客戶端是否可以將登錄的Windows用戶憑據傳遞給主機服務要求用戶重新輸入他們的憑證或設置安全性。使用WCF和自我託管的Windows身份驗證

我的主機配置是這樣的:

<configuration> 
    <system.serviceModel> 
    <services> 
     <service name="WCFTest.CalculatorService" behaviorConfiguration="WCFTest.CalculatorBehavior"> 
     <host> 
      <baseAddresses> 
      <add baseAddress = "http://localhost:8000/WCFTest/CalculatorService/" /> 
      <add baseAddress = "net.tcp://localhost:9000/WCFTest/CalculatorService/" /> 
      </baseAddresses> 
     </host> 
     <endpoint address ="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/> 
     <endpoint address ="netTcpEP" binding="netTcpBinding" contract="WCFTest.ICalculatorService"/> 
     <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/> 

     </service> 
    </services> 
    <bindings> 
     <basicHttpBinding> 
     <binding name="basicHttpBindingConfig"> 
      <security mode="TransportCredentialOnly"> 
      <transport clientCredentialType="Windows" /> 
      </security> 
     </binding> 
     </basicHttpBinding> 
    </bindings> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior name="WCFTest.CalculatorBehavior">   
      <serviceAuthorization impersonateCallerForAllOperations="false" principalPermissionMode="UseWindowsGroups" /> 
      <serviceCredentials > 
      <windowsAuthentication allowAnonymousLogons="false" includeWindowsGroups="true" /> 
      </serviceCredentials> 
      <serviceMetadata httpGetEnabled="True"/> 
      <serviceDebug includeExceptionDetailInFaults="False" /> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    </system.serviceModel> 
</configuration>

我的客戶端配置是這樣的:

<configuration> 
    <configSections> 
     <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" > 
      <section name="WCFClient.Settings1" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" /> 
     </sectionGroup> 
    </configSections> 
    <system.serviceModel> 
     <bindings> 
      <basicHttpBinding> 
       <binding name="BasicHttpBinding_ICalculatorService" closeTimeout="00:01:00" 
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" 
        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" 
        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" 
        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" 
        useDefaultWebProxy="true"> 
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
         maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
        <security mode="TransportCredentialOnly"> 
         <transport clientCredentialType="Windows" proxyCredentialType="None" 
          realm="" /> 
         <message clientCredentialType="UserName" algorithmSuite="Default" /> 
        </security> 
       </binding> 
      </basicHttpBinding> 
      <netTcpBinding> 
       <binding name="NetTcpBinding_ICalculatorService" closeTimeout="00:01:00" 
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" 
        transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" 
        hostNameComparisonMode="StrongWildcard" listenBacklog="10" 
        maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10" 
        maxReceivedMessageSize="65536"> 
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
         maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
        <reliableSession ordered="true" inactivityTimeout="00:10:00" 
         enabled="false" /> 
        <security mode="Transport"> 
         <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" /> 
         <message clientCredentialType="Windows" /> 
        </security> 
       </binding> 
      </netTcpBinding> 
     </bindings> 
     <client> 
      <endpoint address="http://ldndwm286380:8000/WCFTest/CalculatorService/basicHttpEP" 
       binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ICalculatorService" 
       contract="CalcService.ICalculatorService" name="BasicHttpBinding_ICalculatorService" /> 
      <endpoint address="net.tcp://ldndwm286380:9000/WCFTest/CalculatorService/netTcpEP" 
       binding="netTcpBinding" bindingConfiguration="NetTcpBinding_ICalculatorService" 
       contract="CalcService.ICalculatorService" name="NetTcpBinding_ICalculatorService"> 
      </endpoint> 
     </client> 
    </system.serviceModel> 
    <userSettings> 
     <WCFClient.Settings1> 
      <setting name="Setting" serializeAs="String"> 
       <value>True</value> 
      </setting> 
     </WCFClient.Settings1> 
    </userSettings> 
</configuration>

我的客戶端代碼:

class Program 
{ 
    static void Main(string[] args) 
    { 
     Console.WriteLine("Press enter to start"); 
     Console.ReadLine(); 

     CalcService.ICalculatorService httpCalcService = new CalcService.CalculatorServiceClient("BasicHttpBinding_ICalculatorService"); 
     Console.WriteLine(httpCalcService.AddValues(new int[] { 1, 2, 3 }).Value); 
     Console.ReadLine(); 

     CalcService.ICalculatorService TcpCalcService = new CalcService.CalculatorServiceClient("NetTcpBinding_ICalculatorService"); 
     Console.WriteLine(httpCalcService.AddValues(new int[] { 5, 10, 15 }).Value); 
     Console.ReadLine(); 
    } 
}

,如果我跑這工作正常客戶端在我的電腦上。如果我同事的PC上運行的客戶端我在客戶端上此異常堆棧:

Unhandled Exception: System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate oX0we6ADCgEBonQEcm BwBgkqhkiG9xIBAgIDAH5hMF+gAwIBBaEDAgEepBEYDzIwMTAwMzExMTAzNjAzWqUFAgMEDFimAwIBKakYGxZJTlRSQU5FVC5CQVJDQVBJTlQuQ09NqhowGK ADAgEBoREwDxsNTERORFdNMjg2MzgwJA=='. ---> System.Net.WebException: The remote server returned an error: (401) Unauthoriz ed. ---> System.ComponentModel.Win32Exception: The target principal name is incorrect at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatus& statusCode)

at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob) at System.Net.NegotiateClient.DoAuthenticate(String challenge, WebRequest webRequest, ICredentials credentials, Boole an preAuthenticate) at System.Net.NegotiateClient.Authenticate(String challenge, WebRequest webRequest, ICredentials credentials) at System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials credentials) at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo) at System.Net.HttpWebRequest.CheckResubmitForAuth() at System.Net.HttpWebRequest.CheckResubmit(Exception& e) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeou t) --- End of inner exception stack trace ---

任何幫助表示讚賞,

感謝,

尼克

來源

2010-03-11 ng5000

回答

8

在您的客戶端的配置,您需要在「端點」元素內添加一個附加元素以指定該服務正在運行的主體。以下是一個示例:

<identity> 
     <servicePrincipalName value="[email protected]" /> 
</identity>

這應該允許在客戶端和主機之間建立通道時發生適當的身份驗證。如果服務使用不同的帳戶運行,則需要相應地調整該值(即,如果它正在使用系統帳戶作爲Windows服務運行,則它將類似於'host/mymachine.mydomain.com')。

來源

2010-03-11 13:29:32 Kwal

+0

非常感謝 - 可以通過編程設置嗎? – ng5000 2010-03-15 12:55:04

+1

EndpointAddress對象中有一個名爲'Identity'的屬性。您可以將其設置爲一個SpnEndpointIdentity對象,該對象採用您正在使用的主體的名稱。 – Kwal 2010-03-15 15:35:14

相關問題

 相關問題