WCF impersonation does not deny file system access

Time: 2017-04-25 18:55:19

Tags: c# wcf filesystems impersonation wshttpbinding

I cannot get a self-hosted WCF application to respect file system access permissions under server-side impersonation.

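When I run the service (which I can connect to without any problem), I am able to access parts of the file system that I should not be able to access, in this case through CreateDirectory(). When the client calls the service, I can see it hit the server, but it is not denied access to the file system and still creates a directory in the restricted folder.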

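I have denied the current user access to the folder, and I tried creating the directory from the main thread when starting the server, and that fails with access denied. It should be noted that when I call WindowsIdentity.GetCurrent().Name, it shows the same name in both instances.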

I have included the endpoint configuration setup for the server side and the client connection below.

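Service contract code:

// Requires: System.IO, System.Security.Principal, System.ServiceModel
public string Ping()
{
    // Windows identity of the caller, taken from the message security context
    System.Security.Principal.WindowsIdentity callerWindowsIdentity = ServiceSecurityContext.Current.WindowsIdentity;

    // Impersonate the caller for the duration of the using block
    using (callerWindowsIdentity.Impersonate())
    {
        // Expected to fail with access denied, but the directory is created
        DirectoryInfo test = Directory.CreateDirectory(@"C:\NoPermisionFolder\Test");

        string returnMe = WindowsIdentity.GetCurrent().Name + " " + test.ToString();

        return returnMe;
    }
}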

Server code:

// Requires: System, System.ServiceModel, System.ServiceModel.Description
// First procedure:
// create a WSHttpBinding that uses Windows credentials and message security
WSHttpBinding myBinding = new WSHttpBinding();
myBinding.Security.Mode = SecurityMode.Message;
myBinding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

// 2nd Procedure:
// Use the binding in a service
// Create the Type instances for later use and the URI for 
// the base address.
Type contractType = typeof(ITest);
Type serviceType = typeof(Test);
Uri baseAddress = new Uri("http://address:port/");

// Create the ServiceHost and add an endpoint, then start
// the service.
ServiceHost myServiceHost = new ServiceHost(serviceType, baseAddress);
myServiceHost.AddServiceEndpoint(contractType, myBinding, "");

// Enable metadata
ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;
myServiceHost.Description.Behaviors.Add(smb);

myServiceHost.Open();
Console.WriteLine("Listening");
Console.WriteLine("Press Enter to close the service");
Console.ReadLine();
myServiceHost.Close();

Client code:

string address = "http://address:port/";
WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message);
binding.Security.Message.ClientCredentialType =
    MessageCredentialType.Windows;

EndpointAddress endpointAddress = new EndpointAddress(new Uri(address),
    EndpointIdentity.CreateSpnIdentity("host/computerAddress"));

TestClient client = new TestClient(binding, endpointAddress);//"WSHttpBinding_ITest");
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
client.Open();

string test = client.Ping();

client.Close();

Console.WriteLine(test);
Console.WriteLine("Press Enter to close the service");
Console.ReadLine();

0 answers:

No answers
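
An added diagnostic example, not part of the original question: the question compares only WindowsIdentity.GetCurrent().Name in the two cases, so this C# helper reports the SIDs and impersonation level of the token in effect on the thread and lists the folder's ACEs, so that a Deny entry can be matched against the token by SID. The names TokenDiagnostics, DescribeEffectiveToken and DescribeAcl are hypothetical, and the code assumes .NET Framework, where Directory.GetAccessControl is available.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;

public static class TokenDiagnostics
{
    // Hypothetical helper: describes the token that access checks use
    // on the calling thread.
    public static string DescribeEffectiveToken()
    {
        // GetCurrent(true) returns the thread token, or null when the thread
        // is not impersonating and the process token is in effect.
        using (WindowsIdentity threadToken = WindowsIdentity.GetCurrent(true))
        using (WindowsIdentity effective = WindowsIdentity.GetCurrent())
        {
            var sb = new StringBuilder();
            sb.AppendLine("Impersonating: " + (threadToken != null));
            sb.AppendLine("Name:          " + effective.Name);
            sb.AppendLine("User SID:      " + effective.User);
            sb.AppendLine("Level:         " + effective.ImpersonationLevel);
            // Group SIDs reported for this token; a Deny ACE can name a group
            // rather than the user.
            foreach (IdentityReference group in effective.Groups)
                sb.AppendLine("  group " + group.Value);
            return sb.ToString();
        }
    }

    // Hypothetical helper: lists explicit and inherited ACEs on a directory,
    // with trustees shown as SIDs so they can be compared with the output above.
    public static string DescribeAcl(string path)
    {
        var sb = new StringBuilder();
        DirectorySecurity acl = Directory.GetAccessControl(path);
        foreach (FileSystemAccessRule rule in
                 acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            sb.AppendLine(rule.AccessControlType + " " +
                          rule.IdentityReference.Value + " " +
                          rule.FileSystemRights +
                          (rule.IsInherited ? " (inherited)" : ""));
        }
        return sb.ToString();
    }
}
```

Calling both methods once from the main thread and once inside the using block in Ping(), then comparing the two outputs, shows whether the same SIDs and the same Deny entries apply in each case.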