2011-06-19 122 views
1

I'm developing new security infrastructure for my organization. Since the system we are developing is used inside the organization, I want to use Windows authentication, but for authorization we maintain a separate Oracle DB (for historical reasons). My idea is to use PrincipalPermissionAttribute together with a custom role provider by defining

    AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

in Global::Application_Start and

    <system.web>
        <compilation debug="true" targetFramework="4.0" />
        <authorization>
            <deny users="?"/>
        </authorization>
        <roleManager defaultProvider="MyRoleProvider"
                     enabled="true"
                     cacheRolesInCookie="true"
                     cookieName=".ASPROLES"
                     cookieTimeout="30"
                     cookiePath="/"
                     cookieRequireSSL="false"
                     cookieSlidingExpiration="true"
                     cookieProtection="All" >
            <providers>
                <clear />
                <add
                    name="MyRoleProvider"
                    type="WcfServiceLibrary1.MyRoleProvider"
                    connectionStringName="Service1"
                    applicationName="InfraTest"
                    writeExceptionsToEventLog="true" />
            </providers>
        </roleManager>
    </system.web>
    <system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="BasicHttpEndpointBinding">
                    <security mode="TransportCredentialOnly">
                        <transport clientCredentialType="Windows" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <services>
            <service name="WcfService1.Service1">
                <endpoint address="WcfAuthenticationTest" binding="basicHttpBinding"
                          bindingConfiguration="BasicHttpEndpointBinding" name="BasicHttpEndpoint"
                          contract="WcfService1.IService1">
                    <identity>
                        <dns value="localhost"/>
                    </identity>
                </endpoint>
                <host>
                    <baseAddresses>
                        <add baseAddress="http://localhost/WcfAuthentication"/>
                    </baseAddresses>
                </host>
            </service>
        </services>
        <behaviors>
            <serviceBehaviors>
                <behavior>
                    <serviceAuthorization principalPermissionMode="UseAspNetRoles"/>
                    <serviceMetadata httpGetEnabled="true"/>
                    <serviceDebug includeExceptionDetailInFaults="true"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true"/>
    </system.serviceModel>
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
    </system.webServer>
in my web.config,

using my custom role provider, which should access the Oracle database to check roles. But I can't get it to work. Is there any way to make PrincipalPermissionAttribute work this way, or is maybe the whole concept wrong? I thought about implementing my own CodeAccessSecurityAttribute, but it isn't that simple, so I'd rather not. Does anyone have any ideas on this problem? I'd be glad to get some answers.

Answer

1

I recently learned two things. First, all my concepts were correct and I can use PrincipalPermissionAttribute with a custom role provider; second, I was completely confused by the web.config tags. One tag is used for ASP.NET settings, while the other is for WCF settings. So one bit of configuration solved the whole problem. This is the correct configuration:

    <?xml version="1.0"?>
    <configuration>

        <system.web>
            <compilation debug="true" defaultLanguage="c#" targetFramework="4.0" />

            <roleManager enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES"
                         defaultProvider="MyRoleProvider">
                <providers>
                    <clear />
                    <add connectionStringName="Service1" applicationName="InfraTest"
                         writeExceptionsToEventLog="false" name="MyRoleProvider" type="SecLib.MyRoleProvider" />
                </providers>
            </roleManager>

        </system.web>
        <system.serviceModel>
            <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
            <bindings>
                <basicHttpBinding>
                    <binding name="BasicHttpBindingConfiguration" closeTimeout="00:01:00"
                             sendTimeout="00:10:00" maxBufferSize="524288" maxReceivedMessageSize="524288">
                        <security mode="TransportCredentialOnly">
                            <transport clientCredentialType="Windows" />
                        </security>
                    </binding>
                </basicHttpBinding>
            </bindings>
            <services>
                <service name="WcfRoleProviderTestService.Service1"
                         behaviorConfiguration="BasicHttpServiceBehavior" >
                    <endpoint name="BasicHttpEndpoint"
                              contract="WcfRoleProviderTestService.IService1"
                              address="WcfAuthenticationTest"
                              binding="basicHttpBinding"
                              bindingConfiguration="BasicHttpBindingConfiguration" />
                    <host>
                        <baseAddresses>
                            <add baseAddress="http://localhost/WcfRoleProviderTestService/" />
                        </baseAddresses>
                    </host>
                </service>
            </services>
            <behaviors>
                <serviceBehaviors>
                    <behavior name="BasicHttpServiceBehavior">
                        <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                                              roleProviderName="MyRoleProvider" impersonateCallerForAllOperations="true" />
                        <serviceMetadata httpGetEnabled="true" />
                        <serviceDebug includeExceptionDetailInFaults="true" />
                    </behavior>
                    <behavior name="">
                        <serviceMetadata httpGetEnabled="true" />
                        <serviceDebug includeExceptionDetailInFaults="true" />
                    </behavior>
                </serviceBehaviors>
            </behaviors>
        </system.serviceModel>
        <system.webServer>
            <modules runAllManagedModulesForAllRequests="true"/>
        </system.webServer>
    </configuration>
1

You don't have to include impersonateCallerForAllOperations="true" unless you need impersonation.

+1

The problem is that I need to do impersonation in order to check client permissions.
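An added example, not code from the question or the answer, showing the two pieces the answer's web.config wires together: a custom RoleProvider that looks the Windows caller's roles up in the authorization database, and a service operation guarded by PrincipalPermissionAttribute. The table APP_USER_ROLES(USERNAME, ROLE_NAME), the role InfraAdmins and the operation GetSecret are assumptions, and the service types are placed in the SecLib namespace for brevity (the config's service name and contract attributes must match whatever type names you actually use); the provider type name SecLib.MyRoleProvider and the Service1 connection string name follow the configuration above.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.Common;
using System.Security.Permissions;
using System.ServiceModel;
using System.Web.Security;

namespace SecLib
{
    // Registered in web.config as type="SecLib.MyRoleProvider". With principalPermissionMode="UseAspNetRoles",
    // WCF wraps the Windows identity in a principal whose IsInRole calls IsUserInRole on this provider.
    public class MyRoleProvider : RoleProvider
    {
        public override string ApplicationName { get; set; }
        // username arrives as DOMAIN\user from Windows authentication. Table APP_USER_ROLES(USERNAME, ROLE_NAME)
        // is an assumption; the name is bound through Oracle's :name placeholder, never concatenated into the SQL.
        public override string[] GetRolesForUser(string username)
        {
            var cs = ConfigurationManager.ConnectionStrings["Service1"]; // connectionStringName in web.config
            var roles = new List<string>();
            using (DbConnection conn = DbProviderFactories.GetFactory(cs.ProviderName).CreateConnection())
            using (DbCommand cmd = conn.CreateCommand())
            {
                conn.ConnectionString = cs.ConnectionString;
                cmd.CommandText = "SELECT ROLE_NAME FROM APP_USER_ROLES WHERE USERNAME = :u";
                DbParameter p = cmd.CreateParameter(); p.ParameterName = "u"; p.Value = username; cmd.Parameters.Add(p);
                conn.Open();
                using (DbDataReader r = cmd.ExecuteReader()) while (r.Read()) roles.Add(r.GetString(0));
            }
            return roles.ToArray();
        }
        public override bool IsUserInRole(string username, string roleName) { return Array.IndexOf(GetRolesForUser(username), roleName) >= 0; }
        // Role administration happens in the database, not through this provider.
        public override void AddUsersToRoles(string[] u, string[] r) { throw new NotSupportedException(); }
        public override void CreateRole(string r) { throw new NotSupportedException(); }
        public override bool DeleteRole(string r, bool throwOnPopulated) { throw new NotSupportedException(); }
        public override string[] FindUsersInRole(string r, string match) { throw new NotSupportedException(); }
        public override string[] GetAllRoles() { throw new NotSupportedException(); }
        public override string[] GetUsersInRole(string r) { throw new NotSupportedException(); }
        public override void RemoveUsersFromRoles(string[] u, string[] r) { throw new NotSupportedException(); }
        public override bool RoleExists(string r) { throw new NotSupportedException(); }
    }
    [ServiceContract] public interface IService1 { [OperationContract] string GetSecret(); }
    public class Service1 : IService1
    {
        // Evaluated before the body runs; a caller outside "InfraAdmins" gets a SecurityAccessDeniedException fault.
        [PrincipalPermission(SecurityAction.Demand, Role = "InfraAdmins")]
        public string GetSecret() { return "for InfraAdmins only"; }
    }
}
```

Every Demand becomes one IsUserInRole call and therefore one query here; if that cost matters, add caching inside the provider rather than relying on the roleManager cookie settings, which apply to ASP.NET page requests.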
