我有一个简单的WebService,比如'localhost:52028 / Service1.asmx / SayHello?name ='username''来显示一个字符串。我必须使用Active Directory保护此Web服务,以便只有有效用户才能访问此服务。
我尝试了这个link中的步骤,但是我认为配置太多了,有没有其他简单的方法来保护使用ActiveDirectory的Web服务?
答案 0 :(得分:2)
希望这会有所帮助。您可以查看不同的群组
string currentUser = Environment.UserName;
PrincipalContext context = new PrincipalContext(ContextType.Domain, Environment.UserDomainName);
GroupPrincipal group = GroupPrincipal.FindByIdentity(context, "YOURUSERSGROUP");
UserPrincipal user = UserPrincipal.FindByIdentity(context, currentUser);
样本将类似于
using System;
using System.Collections;
using System.ComponentModel;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.DirectoryServices.AccountManagement;
using System.Security;
using System.Globalization;
namespace SayHelloClassification
{
[WebService(Namespace = "http://localhost/Service1/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[ToolboxItem(false)]
public class Service1 : System.Web.Services.WebService
{
[WebMethod(Description = "Call to change classification")]
public string SayHello()
{
string currentUser = Environment.UserName;
PrincipalContext context = new PrincipalContext(ContextType.Domain,
Environment.UserDomainName);
GroupPrincipal group = GroupPrincipal.FindByIdentity(context, "YOURUSERSGROUP");
UserPrincipal user = UserPrincipal.FindByIdentity(context, currentUser);
if (!user.IsMemberOf(group))
{
throw new SecurityException("Access Denied: User has no permission to process the
request");
}
else
{
// Authenticated
// Your Code Goes here
}
}
}
你可以在这里找到WCF的详细信息,但你可以像我一样用它作为asmx。
http://www.codeproject.com/Articles/541318/Authenticating-a-Web-service-with-Active-Directory
您可以找到转到DOS cmd的组并输入此命令GPRESULT / r