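WCF client caching Windows authentication
I am calling a web service exposed by Navision, which is secured with Windows authentication. I can call it successfully, but after that it seems to cache the credentials in some way, and that is what worries me.
The service is hosted on a remote server, in a different domain from my development machine. I am running the code from Visual Studio.
I have created a service reference to the service, and there is no configuration in my app.config, so all settings are created in code.
First run (no client credentials specified):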
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
var address = new EndpointAddress("http://externalserver.com/DynamicsNAV/WS/Customer/Page/MyPage");
var client = new MyPage_PortClient(binding, address);
client.ClientCredentials.Windows.AllowNtlm = true;
client.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
var reqObj = new MyPage() { TypeID = "Test", Company_Name = "Test:" + DateTime.Now.ToShortTimeString() };
client.Create(ref reqObj);
client.Close();
Console.WriteLine(reqObj.Company_Name);
Console.ReadLine();
This gives me a SecurityException. As expected.
Second run (with credentials):
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
var address = new EndpointAddress("http://externalserver.com/DynamicsNAV/WS/Customer/Page/MyPage");
var client = new MyPage_PortClient(binding, address);
client.ClientCredentials.Windows.ClientCredential.Domain = "MYDOM";
client.ClientCredentials.Windows.ClientCredential.UserName = "NavWebService";
client.ClientCredentials.Windows.ClientCredential.Password = "foo";
client.ClientCredentials.Windows.AllowNtlm = true;
client.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
var reqObj = new MyPage() { TypeID = "Test", Company_Name = "Test:" + DateTime.Now.ToShortTimeString() };
client.Create(ref reqObj);
client.Close();
Console.WriteLine(reqObj.Company_Name);
Console.ReadLine();
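This call succeeds. As expected.
Third run, same as the first. That is, no credentials specified. The call succeeds. Now I am confused. Must the credentials be cached somehow? I restarted my machine, same result. It still succeeds.
Then I tried specifying bogus credentials: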
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
var address = new EndpointAddress("http://externalserver.com/DynamicsNAV/WS/Customer/Page/MyPage");
var client = new MyPage_PortClient(binding, address);
client.ClientCredentials.Windows.ClientCredential.Domain = "fakeMYDOM";
client.ClientCredentials.Windows.ClientCredential.UserName = "fakeNavWebService";
client.ClientCredentials.Windows.ClientCredential.Password = "badPwd";
client.ClientCredentials.Windows.AllowNtlm = true;
client.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
var reqObj = new MyPage() { TypeID = "Test", Company_Name = "Test:" + DateTime.Now.ToShortTimeString() };
client.Create(ref reqObj);
client.Close();
Console.WriteLine(reqObj.Company_Name);
Console.ReadLine();
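This call fails. As expected.
I go back to the first call again, and it still succeeds. So it is actually still caching the credentials from the first successful call, even though I tried invalid credentials in the meantime.
Can anyone tell me what is happening here? Is there something about Windows authentication that I don't understand? Is there some kind of credential caching in Visual Studio/WCF?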