我已设法使用此.config:
让Windows身份验证与服务调用一起使用<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="Unsecured">
<security mode="None"/>
</binding>
<binding name="Secured">
<security mode="Message">
<message clientCredentialType="Windows"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehaviour" name="WebApplication.SecureService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="Secured" contract="WebApplication.ISecureService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Windows"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
在服务中,我能够看到谁使用以下方式登录:
OperationContext.Current.ServiceSecurityContext.PrimaryIdentity;
我想检查用户是否是特定角色的成员,因此我尝试启用roleManager:
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<clear/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
然后使用Roles
Roles.IsUserInRole(@"DOMANIN\Role");
or:
var id = OperationContext.Current.ServiceSecurityContext.PrimaryIdentity;
Roles.IsUserInRole(id.Name, @"DOMANIN\Role");
但两者都抛出异常:
“仅当用户名参数与当前Windows标识中的用户名匹配时,才支持方法。”
此外,如果有一个属性来检查角色,那将是理想的,因为它会抛出正确的异常,而不是我自己处理它。
更新
我刚试过这个:
if (Roles.RoleExists(@"DOMANIN\Role"))
并得到了一个不同的例外:
“配置的角色提供程序(WindowsTokenRoleProvider)依赖于Windows身份验证来确定允许用户成为其成员的组.ASP.NET Role Manager不能用于管理Windows用户和组。请使用SQLRoleProvider如果您想支持自定义用户/角色分配。“我将谷歌,只是认为它可以帮助任何正在为我看这个。
答案 0 :(得分:0)
[PrincipalPermission(SecurityAction.Demand, Role = @"DOMAIN\Role")]
public string DoWork()
{
//user is authenticated and in the role
}
如果任何人能够阐明例外情况,仍然会感兴趣。
即使没有启用roleManager,这种方法仍可正常运行。
答案 1 :(得分:0)
例外情况告诉您,您只能检查当前登录用户的角色。要获得String形式的列表,这应该适合您:
Roles.GetRolesForUser()
但是,在使用Forms身份验证时,您无法获得某些任意用户的角色。