Question

当从无安全性切换到证书时，我在IAuthorizationPolicy.Evaluate (evaluationContext.Properties.TryGetValue("Identities", out obj)中获得了WindowsIdentity？这是设计的：

由此：

<binding name="NetTcpBinding_IMyAppClientServiceRegular" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="10" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
          <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
          <security mode="None">
            <transport clientCredentialType="None"/>
          </security>
        </binding>

对此：

<binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="1000" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="200" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
          <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
          <security>
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>

有没有办法避免在IAuthorizationPolicy.Evaluate中获取WindowsIdentity？我只想在使用此绑定时设置WindowsIdentity：

<binding name="NetTcpBinding_IMyAppClientServiceWindows" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="10" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
          <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
          <security mode="Message">
            <message clientCredentialType="Windows"/>
          </security>

Answer 1

我注意到你没有在netTcpCertificate配置中的<security>中设置模式而不是你想要的模式：<security mode="Message">。如果不设置mode属性，WCF将使用Transport Message代替CN=，这是您可能需要的证书凭据。当模式设置为传输时，WCF可能正在传递Windows身份，但我还没有尝试验证它。

更新：根据以下注释，您应确保客户端配置文件端点＆gt; indentity＆gt; dns＆gt;值与服务器证书{{1}}值的名称相匹配。根据您输入的内容，该值必须是MyAppServer。

为什么在使用邮件安全性时会获得WindowsIdentity？

1 个答案: