WCF Windows身份驗證

Question

我想我們的WCF服務返回當前登錄的用戶名。我在我的服務調用此，

HttpContext.Current.User.Identity.Name 

然而，我不想用戶我的Silverlight應用程序對WCF服務的調用時顯示一個NT挑戰。目前，我禁用了匿名訪問並啓用了集成身份驗證，但由於此原因，我無法將該服務添加到VS2010中的服務參考中。我該怎麼做？還應該爲WCF服務的web.config設置。我目前使用安全模式設置爲None的basicHttpBinding。

添加Web.config文件： 服務器：

<system.serviceModel> 
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/> 
<behaviors> 
<serviceBehaviors> 
<behavior name="MyService.MyServiceBehavior"> 
<serviceMetadata httpGetEnabled="true"/> 
<serviceDebug includeExceptionDetailInFaults="true"/> 
<dataContractSerializer maxItemsInObjectGraph="2147483647"/> 
</behavior> 
</serviceBehaviors> 
</behaviors> 
<bindings> 
<basicHttpBinding> 
<binding name="BasicHttpBinding_MyService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" receiveTimeout="00:40:00" openTimeout="00:40:00" closeTimeout="00:40:00" sendTimeout="00:40:00"> 
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/> 
<security mode="None"/> 
</binding> 
</basicHttpBinding> 
<customBinding> 
<binding name="MyService.MyService.customBinding0"> 
<binaryMessageEncoding/> 
<httpTransport/> 
</binding> 
</customBinding> 
</bindings> 
<services> 
<service behaviorConfiguration="MyService.MyServiceBehavior" name="MyService.MyService"> 
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService" name="BasicHttpBinding_MyService" contract="MyService.IMyService"/> 
</service> 
</services> 
</system.serviceModel> 

客戶：

<system.serviceModel> 
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/> 
<behaviors> 
<serviceBehaviors> 
<behavior name="MyService_Behavior"> 
<serviceDebug includeExceptionDetailInFaults="true"/> 
<serviceMetadata httpGetEnabled="true"/> 
</behavior> 
</serviceBehaviors> 
<endpointBehaviors> 
<behavior name="r1"> 
<dataContractSerializer maxItemsInObjectGraph="2147483647"/> 
</behavior> 
</endpointBehaviors> 
</behaviors> 
<bindings> 
<basicHttpBinding> 
<binding name="BasicHttpBinding_MyService" closeTimeout="00:03:00" openTimeout="00:03:00" receiveTimeout="00:10:00" sendTimeout="00:03:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> 
<security mode="None"/> 
</binding> 
</basicHttpBinding> 
</bindings> 
<client> 
<endpoint address="http://localhost:8080/MyService/MyService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService" contract="MyService.IMyService" name="BasicHttpBinding_MyService" behaviorConfiguration="r1"/> 
</client> 
</system.serviceModel> 

Answer 1

嘗試添加以下端點對你的態度終點，與psudo客戶端配置如下

<behaviors> 
    <endpointBehaviors> 
     <behavior name="WindowsBehavior"> 
      <clientCredentials> 
       <windows allowNtlm="false" allowedImpersonationLevel="Delegation"></windows> 
      </clientCredentials> 
      <dataContractSerializer maxItemsInObjectGraph="4194304"></dataContractSerializer> 
     </behavior> 
    </endpointBehaviors> 
</behaviors> 


<endpoint address="http://server/web.svc" behaviorConfiguration="WindowsBehavior" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Service" contract="IMyContract" name="BasicHttpBinding_Service"> 

Answer 2

您需要在服務綁定配置中啓用Windows身份驗證。即 參考你這種結合cinfig綁定定義部分

<bindings> 
     <basicHttpBinding> 
      <binding name="basicBindingCfg"> 
       <security mode="TransportCredentialOnly"> 
        <transport clientCredentialType="Windows" /> 
       </security> 
      </binding> 
     </basicHttpBinding> 
    </bindings> 

也是在你的web配置你需要設置Windows身份驗證

和使用授權標籤用戶允許：

<authentication mode="Windows"/> 
    <authorization> 
     <allow roles="<NT group>"/> 
     <allow users="<user name>"/> 
     <deny users="*"/> 
    </authorization>