将Windows凭据传递给远程https WCF服务

时间:2016-02-05 11:34:22

标签: c# wcf web-config credentials

我需要一些帮助,我正在尝试将Windows凭据传递给WCF服务。在IIS中,仅为这些服务启用Windows身份验证,并通过https运行。

服务器端配置为:

<system.serviceModel>
<protocolMapping>
  <add scheme="https" binding="basicHttpBinding" bindingConfiguration="httpsBinding"/>
</protocolMapping>
<bindings>
  <basicHttpBinding>
    <binding name="httpsBinding">
      <security mode="Transport">
        <transport clientCredentialType="Windows"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<behaviors>
  <serviceBehaviors>
    <behavior>
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />          
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>

并在客户端:

<system.serviceModel>
<bindings>
  <basicHttpBinding>
    <binding name="BasicHttpBinding_IMyService" maxBufferPoolSize="2147483647"
      maxReceivedMessageSize="2147483647">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<client>
  <endpoint address="https://myserver.net:4343/MyService.svc"
    binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IMyService"
    contract="MyServiceReference.IMyService" name="BasicHttpBinding_IMyService" />
</client>

我正试图以这种方式使用服务:

Client = new MyServiceClient();
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
binding.MaxReceivedMessageSize = int.MaxValue;
binding.MaxBufferPoolSize = long.MaxValue;
binding.MaxBufferSize = int.MaxValue;

EndpointAddress ep = new EndpointAddress("https://myserver.net:4343/MyService.svc");
Client = new COMINTSServiceClient(binding, ep);
Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;
Client.ClientCredentials.Windows.ClientCredential =  System.Net.CredentialCache.DefaultNetworkCredentials;
Client.Open();
Array[] obj = Client.RandomMethod();

此代码对我不起作用:

    Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;
    Client.ClientCredentials.Windows.ClientCredential =  System.Net.CredentialCache.DefaultNetworkCredentials;

在服务中,当要求使用ServiceSecurityContext.Current.WindowsIdentity.Name呼叫服务的用户时,总是得到: ISS APPPOOL \ ASP.NET v4.0 而不是域\用户调用

使其工作的唯一方法是编写用户名和密码,而不是DefaultNetworkCredentials。

Client.ClientCredentials.Windows.ClientCredential.UserName = "DOMAIN\\user";
Client.ClientCredentials.Windows.ClientCredential.Password = "passw";

但我不希望用户/密码硬编码。 有什么帮助吗?

2 个答案:

答案 0 :(得分:1)

尝试:

Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;

保留CredentialCache的作业。

答案 1 :(得分:0)

我遇到了类似的问题 - 服务器端的“ServiceSecurityContext.Current.WindowsIdentity.Name”返回了错误的用户名,而不是客户端的当前 Windows 用户。原来“Client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials”可能会从 Windows 凭据管理器获取凭据: enter image description here

我未能找到指示 WCF 避免从该存储中获取凭据的解决方案。解决方法是检查是否为该 IP 地址存储了某些凭据并将其删除。我使用“https://www.nuget.org/packages/CredentialManagement”进行检查和删除。代码如下:

            var creds = new Credential();
            creds.Type = CredentialType.DomainPassword;
            creds.Target = address.Uri.Host;//address is WCF EndpointAddress
            if (creds.Load() && creds.Username != System.Security.Principal.WindowsIdentity.GetCurrent().Name)
            {
                creds.Delete();
            }
相关问题
最新问题