将 Windows 凭据传递到远程 https WCF 服务
Pass Windows credentials to remote https WCF service
我需要一些帮助,我正在尝试将 windows 凭据传递给 WCF 服务。在 IIS 中,只有 Windows 为这些服务启用身份验证并通过 https 运行。
服务器端配置为:
<system.serviceModel>
<protocolMapping>
<add scheme="https" binding="basicHttpBinding" bindingConfiguration="httpsBinding"/>
</protocolMapping>
<bindings>
<basicHttpBinding>
<binding name="httpsBinding">
<security mode="Transport">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
在客户端:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IMyService" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://myserver.net:4343/MyService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IMyService"
contract="MyServiceReference.IMyService" name="BasicHttpBinding_IMyService" />
</client>
我正在尝试以这种方式使用服务:
Client = new MyServiceClient();
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
binding.MaxReceivedMessageSize = int.MaxValue;
binding.MaxBufferPoolSize = long.MaxValue;
binding.MaxBufferSize = int.MaxValue;
EndpointAddress ep = new EndpointAddress("https://myserver.net:4343/MyService.svc");
Client = new COMINTSServiceClient(binding, ep);
Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;
Client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
Client.Open();
Array[] obj = Client.RandomMethod();
此代码对我不起作用:
Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;
Client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
在服务中,当询问使用 ServiceSecurityContext.Current.WindowsIdentity.Name
调用服务的用户时,总是得到:ISS APPPOOL\ASP.NET v4.0呼叫 domain\user 的
让它工作的唯一方法是写入用户名和密码而不是 DefaultNetworkCredentials。
Client.ClientCredentials.Windows.ClientCredential.UserName = "DOMAIN\user";
Client.ClientCredentials.Windows.ClientCredential.Password = "passw";
但我不想 user/passw 硬编码。
有什么帮助吗?
尝试:
Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
保留 CredentialCache
的作业。
我遇到了类似的问题 - 服务器端的“ServiceSecurityContext.Current.WindowsIdentity.Name”返回了错误的用户名,而不是客户端的当前 Windows 用户。结果是“Client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials”可能会从 Windows 凭据管理器获取凭据:
我未能找到指示 WCF 避免从该存储中获取凭据的解决方案。解决方法是检查是否为该 IP 地址存储了一些凭据并将其删除。我使用“https://www.nuget.org/packages/CredentialManagement”进行检查和删除。这是代码:
var creds = new Credential();
creds.Type = CredentialType.DomainPassword;
creds.Target = address.Uri.Host;//address is WCF EndpointAddress
if (creds.Load() && creds.Username != System.Security.Principal.WindowsIdentity.GetCurrent().Name)
{
creds.Delete();
}
我需要一些帮助,我正在尝试将 windows 凭据传递给 WCF 服务。在 IIS 中,只有 Windows 为这些服务启用身份验证并通过 https 运行。
服务器端配置为:
<system.serviceModel>
<protocolMapping>
<add scheme="https" binding="basicHttpBinding" bindingConfiguration="httpsBinding"/>
</protocolMapping>
<bindings>
<basicHttpBinding>
<binding name="httpsBinding">
<security mode="Transport">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
在客户端:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IMyService" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://myserver.net:4343/MyService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IMyService"
contract="MyServiceReference.IMyService" name="BasicHttpBinding_IMyService" />
</client>
我正在尝试以这种方式使用服务:
Client = new MyServiceClient();
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
binding.MaxReceivedMessageSize = int.MaxValue;
binding.MaxBufferPoolSize = long.MaxValue;
binding.MaxBufferSize = int.MaxValue;
EndpointAddress ep = new EndpointAddress("https://myserver.net:4343/MyService.svc");
Client = new COMINTSServiceClient(binding, ep);
Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;
Client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
Client.Open();
Array[] obj = Client.RandomMethod();
此代码对我不起作用:
Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;
Client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
在服务中,当询问使用 ServiceSecurityContext.Current.WindowsIdentity.Name
调用服务的用户时,总是得到:ISS APPPOOL\ASP.NET v4.0呼叫 domain\user 的
让它工作的唯一方法是写入用户名和密码而不是 DefaultNetworkCredentials。
Client.ClientCredentials.Windows.ClientCredential.UserName = "DOMAIN\user";
Client.ClientCredentials.Windows.ClientCredential.Password = "passw";
但我不想 user/passw 硬编码。 有什么帮助吗?
尝试:
Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
保留 CredentialCache
的作业。
我遇到了类似的问题 - 服务器端的“ServiceSecurityContext.Current.WindowsIdentity.Name”返回了错误的用户名,而不是客户端的当前 Windows 用户。结果是“Client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials”可能会从 Windows 凭据管理器获取凭据:
我未能找到指示 WCF 避免从该存储中获取凭据的解决方案。解决方法是检查是否为该 IP 地址存储了一些凭据并将其删除。我使用“https://www.nuget.org/packages/CredentialManagement”进行检查和删除。这是代码:
var creds = new Credential();
creds.Type = CredentialType.DomainPassword;
creds.Target = address.Uri.Host;//address is WCF EndpointAddress
if (creds.Load() && creds.Username != System.Security.Principal.WindowsIdentity.GetCurrent().Name)
{
creds.Delete();
}