SharePoint 2013中的自定义Web服务,具有模拟功能

时间:2014-10-24 10:51:33

标签: web-services wcf sharepoint sharepoint-2013 impersonation

对于SharePoint 2010,我们使用自定义Web服务(非SOAP!)在浏览器显示的页面中为JS代码提供一些第三方数据。这是敏感数据,因此我们使用模拟来确保只有合适的用户才能访问它。我们的解决方案在SharePoint 2013中不再起作用。由于原始解决方案非常复杂,我在SP 2013中构建了一个小而简单的服务,以研究如何设置具有模拟的Web服务。该服务部署到ISAPI的子文件夹。

这是没有冒充的基础,这有效:

TestService.svc:

<%@ ServiceHost 
    Language="C#"
    Debug="true" 
    Service="Sandbox.TestService, $SharePoint.Project.AssemblyFullName$" 
    CodeBehind="TestService.svc.cs" 
    Factory="Microsoft.SharePoint.Client.Services.MultipleBaseAddressWebServiceHostFactory, Microsoft.SharePoint.Client.ServerRuntime, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>

TestService.svc.cs中的代码是:

using Microsoft.SharePoint.Client.Services;
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel.Activation;
using System.ServiceModel;
using System.ServiceModel.Web;

namespace Sandbox
{
    [ServiceContract]
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
    public class TestService
    {
        [OperationContract]
        [WebGet(UriTemplate = "GetAllNumbers",
            ResponseFormat = WebMessageFormat.Json)]
        List<int> GetAllNumbers()
        {
            List<int> result = new List<int>();
            result.AddRange(new[] { 1, 1, 2, 3, 5, 8, 13 });
            return result;
        }
    }
}

当我在http://pc00175/_vti_bin/Sandbox/TestService.svc/GetAllNumbers上执行GET时,我收到预期的共鸣[1,1,2,3,5,8,13]。好到目前为止。现在我尝试使用模拟:

using Microsoft.SharePoint.Client.Services;
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel.Activation;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.Security.Principal;

namespace Sandbox
{
    [ServiceContract]
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
    public class TestService
    {
        [OperationContract]
        [WebGet(UriTemplate = "GetAllNumbers",
            ResponseFormat = WebMessageFormat.Json)]
        List<int> GetAllNumbers()
        {
            List<int> result = new List<int>();
            WindowsImpersonationContext ctx = ServiceSecurityContext.Current.WindowsIdentity.Impersonate();
            try
            {
                result.AddRange(new[] { 1, 1, 2, 3, 5, 8, 13 });
            }
            finally
            {
                ctx.Undo();
            }
            return result;
        }
    }
}

现在我收到带有消息&#34的System.InvalidOperationException;匿名身份无法执行模拟。&#34;在拨打ServiceSecurityContext.Current.WindowsIdentity.Impersonate()时。我需要告诉WCF我们需要模拟该调用。所以我添加了一个属性[OperationBehavior(Impersonation=ImpersonationOption.Required)]

using Microsoft.SharePoint.Client.Services;
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel.Activation;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.Security.Principal;

namespace Sandbox
{
    [ServiceContract]
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
    public class TestService
    {
        [OperationContract]
        [WebGet(UriTemplate = "GetAllNumbers",
            ResponseFormat = WebMessageFormat.Json)]
        [OperationBehavior(Impersonation=ImpersonationOption.Required)]
        List<int> GetAllNumbers()
        {
            List<int> result = new List<int>();
            WindowsImpersonationContext ctx = ServiceSecurityContext.Current.WindowsIdentity.Impersonate();
            try
            {
                result.AddRange(new[] { 1, 1, 2, 3, 5, 8, 13 });
            }
            finally
            {
                ctx.Undo();
            }
            return result;
        }
    }
}

现在,我在SharePoint日志中发现以下错误:

Error when open web service: System.InvalidOperationException: The contract operation 'GetAllNumbers' requires Windows identity for automatic impersonation. A Windows identity that represents the caller is not provided by binding ('WebHttpBinding','http://tempuri.org/') for contract ('TestService','http://tempuri.org/'.     at System.ServiceModel.Dispatcher.SecurityValidationBehavior.WindowsIdentitySupportRule.ValidateWindowsIdentityCapability(Binding binding, ContractDescription contract, OperationDescription operation)     at System.ServiceModel.Dispatcher.SecurityValidationBehavior.WindowsIdentitySupportRule.Validate(ServiceDescription description)     at System.ServiceModel.Dispatcher.SecurityValidationBehavior.System.ServiceModel.Description.IServiceBehavior.Validate(ServiceDescriptio...

然后我猜我必须在TestService.svc旁边添加一个web.config并添加TransportCredentialsOnly模式,但这没有帮助:

<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding>
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm"/>
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>

我在SharePoint日志文件中遇到同样的错误。

我希望有人对我有所暗示。

感谢您阅读此内容!

彼得

1 个答案:

答案 0 :(得分:0)

如果您想使用REST,为什么不简单地为此创建一个应用程序?这比在SharePoint中公开WCF服务更容易。然后,您可以配置自己的安全设置。

article可以帮助您解决此问题。

相关问题
最新问题