如何在WCF服务中为自定义绑定配置Windows身份验证?

时间:2013-11-11 18:14:52

标签: wcf security authorization wif claims-based-identity

我需要在我的应用程序中使用Windows身份验证以及使用Windows Identity Foundation进行基于声明的授权。我已经为我的服务使用了以下配置。

          

<system.identityModel>
   <identityConfiguration>
      <claimsAuthorizationManager type="Framework.Authorization.AuthorizationManager, ClaimsAuthorizationService"/>
   </identityConfiguration>
</system.identityModel>

<system.serviceModel>
    <bindings>
      <customBinding>
        <binding name="CustomTcpBinding" maxConnections="50" openTimeout="01:20:00" receiveTimeout="20.00:00:00" sendTimeout="00:05:00" closeTimeout="01:20:00">
          <security authenticationMode="Kerberos" />
          <reliableSession/>
          <windowsStreamSecurity protectionLevel="None"/>
          <tcpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
        </binding>
      </customBinding>
    </bindings>

    <services>
        <service behaviorConfiguration="Framework.Authorization.DummyRebServiceBehavior" name="Framework.Authorization.DummyRebService">
            <endpoint address="IDummyRebService" 
                      binding="customBinding" bindingConfiguration="CustomTcpBinding" 
                      contract="Framework.Authorization.IDummyRebService" 
                      name="IDummyRebService"/>
            <endpoint address="mex" 
                      binding="mexTcpBinding"
                      contract="IMetadataExchange"/>
            <host>
                <timeouts closeTimeout="00:00:01"/>
                <baseAddresses>
                    <add baseAddress="net.tcp://localhost:8234//DummyRebService"/>
                </baseAddresses>
            </host>
        </service>
    </services>

    <behaviors>
        <serviceBehaviors>
            <behavior name="Framework.Authorization.DummyRebServiceBehavior">
                <serviceCredentials useIdentityConfiguration="true" />
                <serviceAuthorization principalPermissionMode="Always" />  
                <serviceMetadata httpGetEnabled="True"/>
                <dataContractSerializer maxItemsInObjectGraph="1000000000"/>
                <serviceDebug includeExceptionDetailInFaults="True"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

我遇到一些或其他问题,因为我正在通过反复试验,但无法找到一个确定的解决方案。目前该服务无法启动,因为“需要双向合同,但绑定不支持...”错误。除此之外,每当我尝试在WCF测试客户端中添加服务时,我在AuthorizationManager的CheckAccess方法(派生自ClaimsAuthorizationManager)中将userName(authorizationContext.Principal.Identity.Name)作为null获取。

基本上我需要配置服务,以便WCF服务在从客户端调用时获取Windows Principal。

任何帮助将不胜感激。如果需要,我可以提供更多细节。

1 个答案:

答案 0 :(得分:0)

经过多次试验和错误后,以下配置对我有用。

<configuration>
    <configSections>
      <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    </configSections>

      <system.identityModel>
        <identityConfiguration>
          <claimsAuthenticationManager type = "Framework.Services.Security.PrincipalTransformer, ClaimsAuthorizationService"/>
          <claimsAuthorizationManager type="Framework.Services.Security.AuthorizationManager, ClaimsAuthorizationService"/>
        </identityConfiguration>
      </system.identityModel>

    <system.serviceModel>
      <bindings>
        <customBinding>
          <binding name="CustomTcpBinding" closeTimeout="01:20:00" openTimeout="00:00:30"
            receiveTimeout="20.00:00:00" sendTimeout="00:05:00">
            <reliableSession />
            <windowsStreamSecurity protectionLevel="None" />
            <tcpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
          </binding>
        </customBinding>
      </bindings>

      <services>
        <service behaviorConfiguration="Framework.Authorization.DummyRebServiceBehavior" name="Framework.Authorization.DummyRebService">
          <endpoint address="IDummyRebService"
                    binding="customBinding" bindingConfiguration="CustomTcpBinding"
                    contract="Framework.Authorization.IDummyRebService"
                    name="IDummyRebService"/>
          <endpoint address="mex"
                    binding="mexTcpBinding"
                    contract="IMetadataExchange"/>
          <host>
            <timeouts closeTimeout="00:00:01"/>
            <baseAddresses>
              <add baseAddress="net.tcp://localhost:8234//DummyRebService"/>
            </baseAddresses>
          </host>
        </service>
      </services>

      <behaviors>
        <serviceBehaviors>
          <behavior name="Framework.Authorization.DummyRebServiceBehavior">
            <serviceSecurityAudit auditLogLocation="Application" messageAuthenticationAuditLevel="SuccessOrFailure" serviceAuthorizationAuditLevel="SuccessOrFailure"  suppressAuditFailure="True"/>
            <serviceCredentials useIdentityConfiguration="true"/>
            <serviceAuthorization principalPermissionMode="Always"/>
            <serviceMetadata httpGetEnabled="False"/>
            <dataContractSerializer maxItemsInObjectGraph="1000000000"/>
            <serviceDebug includeExceptionDetailInFaults="True"/>
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>

    <startup>
      <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
    </startup>
   </configuration>
相关问题
最新问题