使用kerberos连接到数据库

时间:2014-08-15 13:31:54

标签: asp.net wcf active-directory kerberos

我有以下问题: 在我的客户端,我呼叫asp.net网站,该网站通过IIS与我的WCF相关联。我从客户端传递Active Directory用户,然后从IIS传递,我尝试连接到SQL-Server(与IIS在同一台计算机上)。
直到这里一切正常!但是当我尝试与AD用户建立数据库连接时,我得到EntityCommandExecutionException

  

将请求发送到服务器时发生传输级错误。 (提供者:共享内存提供者,错误:0

内部异常

  

未提供所需的模拟级别,或者提供的模拟级别无效

我真的不知道如何处理这个或在IIS或某些web.config设置的内容  将此用户传递给数据库 也许有人知道如何解决这个具体问题?

修改
这是WCF-Client的Web.config:

<?xml version="1.0" encoding="utf-8"?>    
<configuration>
  <appSettings>
    <add key="webpages:Version" value="2.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="PreserveLoginUrl" value="true" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>

  <system.web>
    <httpRuntime targetFramework="4.5" />

    <compilation debug="true" targetFramework="4.5" />
    <customErrors mode="Off"/>
    <identity impersonate="true"/>
    <authentication mode="Windows" />

    <pages>
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    </pages>
  </system.web>

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>
  <system.serviceModel>

    <bindings>
      <ws2007HttpBinding>
        <binding name="ws2007Binding" closeTimeout="00:10:00" sendTimeout="00:10:00"
          transactionFlow="false" >
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </ws2007HttpBinding>
    </bindings>

    <client>
      <endpoint address="http://server/service/Service.svc"
        binding="ws2007HttpBinding" bindingConfiguration="" contract="Service.IService"
        name="ws2007HttpBinding_IService">
        <identity>
          <servicePrincipalName value="MSSQLsvc/server:1433" />
        </identity>
      </endpoint>
    </client>

  </system.serviceModel>
</configuration>

,这个是针对WCF服务的:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
  </configSections>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
  </system.web>

  <system.serviceModel>        
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <bindings>
      <ws2007HttpBinding>
        <binding name="ws2007Binding" closeTimeout="00:10:00" sendTimeout="00:10:00"
          transactionFlow="false" >
          <security mode="Message">
            <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true"/>
          </security>
        </binding>
      </ws2007HttpBinding>
    </bindings>

    <protocolMapping>
      <add binding="ws2007HttpBinding" scheme="http" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />

    <directoryBrowse enabled="true" />
  </system.webServer>
  <connectionStrings>
    <add name="Entities" connectionString="metadata=res://*/Models.Model.csdl|res://*/Models.Model.ssdl|res://*/Models.Model.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=Server;initial catalog=Database;integrated security=False;User Id=user;password=password;multipleactiveresultsets=True;application name=EntityFramework&quot;" providerName="System.Data.EntityClient" />
  </connectionStrings>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
    </providers>
  </entityFramework>
</configuration>

现在我使用Web.Config中的用户访问数据库,其中一切正常,但是当我尝试委派我的AD用户然后连接到数据库时,我得到一个例外:

[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public List<string> GetInfo(string text)
{
    using (var db = new Entities())
    {
        var someTempInfos = db.Infos.Find(text); //<-- EntityCommandExecutionException
        ...

    }
}

2 个答案:

答案 0 :(得分:1)

我们遇到了类似的错误,我可以通过禁用共享内存提供程序来修复它,从而强制SQL客户端使用TCP / IP。在生产环境中,你几乎从不在同一台机器上安装SQL服务器,所以我怀疑为什么这个错误在那里不会发生。

答案 1 :(得分:0)

最后我开始工作了。我忘记将模拟等级设置为Delegation。因此,解决方案是在创建服务后在(client-)方法中设置模拟级别:

    var service = ServiceFunctions.GetService();

    if (service.ClientCredentials != null)
        service.ClientCredentials.Windows.AllowedImpersonationLevel =
                           TokenImpersonationLevel.Delegation;
相关问题
最新问题