How does WCF work with Kerberos?
I'm using WCF (self-hosted in a Windows service) with netTCP between the service and the client. This is what the custom binding looks like:
<binding name="netTcpWindowMessageSecurity" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="1000" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="200" maxReceivedMessageSize="2147483647">
  <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
  <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false" />
  <security mode="Message">
    <message clientCredentialType="Windows" />
  </security>
</binding>
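The only thing I really do is map the current (logged-on) Windows user (on the client) to a user in my service.
I know the communication between the service and the client will be encrypted, but will Kerberos be used? How can I tell? What decides whether it is used?
Edit:
I can see this in my Event Log > Security: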
Logon Type: 5
Impersonation Level: Impersonation
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x310
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
By following Erik Funkenbusch's advice, I got secure communication. This is what I had to change:
<security mode="Transport">
  <transport protectionLevel="EncryptAndSign" clientCredentialType="Windows"></transport>
</security>
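An added example, not part of the original post: a small Python parser for Security log records laid out like the excerpt above, reporting for each record the logon type and the authentication package that handled it. The three sample records are constructed, the function names are hypothetical, and the mapping of logon types 2, 3 and 5 to interactive, network and service is taken from the Windows logon event documentation.

```python
# Constructed sample records laid out like the Security log excerpt above.
SERVICE_LOGON = """Logon Type: 5
New Logon:
Account Name: SYSTEM
Process Name: C:\\Windows\\System32\\services.exe
Authentication Package: Negotiate
Package Name (NTLM only): -"""
KERBEROS_LOGON = """Logon Type: 3
Account Name: alice
Logon Process: Kerberos
Authentication Package: Kerberos
Package Name (NTLM only): -"""
NTLM_LOGON = """Logon Type: 3
Account Name: alice
Logon Process: NtLmSsp
Authentication Package: NTLM
Package Name (NTLM only): NTLM V2"""

# Logon type numbers as documented for Windows logon events.
LOGON_TYPES = {"2": "interactive", "3": "network", "5": "service"}

def parse_event(text):
    """Map each 'Field: value' line to a dict entry; section headers get ''."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def classify(text):
    """Say whether a record is a network logon and which package handled it."""
    f = parse_event(text)
    kind = LOGON_TYPES.get(f.get("Logon Type", ""), "other")
    package = f.get("Authentication Package", "unknown")
    if kind != "network":
        return f"{kind} logon, not a client authenticating over the network"
    if package == "NTLM":
        return f"network logon via NTLM ({f.get('Package Name (NTLM only)', '-')})"
    return f"network logon via {package}"

if __name__ == "__main__":
    for record in (SERVICE_LOGON, KERBEROS_LOGON, NTLM_LOGON):
        print(classify(record))
```

Only records with Logon Type 3 describe a client authenticating to the service over the network; a Logon Type 5 record describes a service being started under its account.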