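WCF service does not impersonate the client

Time: 2010-12-07 01:27:09

Tags: database wcf impersonation

Logistics: 1 server running the WCF service. 1 server running the database for the WCF service.

Problem: I have a WCF service running on one server, and it connects to a separate server to retrieve the data it needs. My problem is that when the service is called from a client machine, I get a database SQL error stating "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'". I believe I have set up the WCF service to use impersonation.

WCF server configuration: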

<bindings>
  <ws2007HttpBinding>
    <binding maxReceivedMessageSize="214748">
      <security mode="Message">
        <transport clientCredentialType="Windows"
                   proxyCredentialType="Windows" realm="" />
        <message clientCredentialType="Windows" negotiateServiceCredential="true"
                 algorithmSuite="Default" establishSecurityContext="true" />
      </security>
    </binding>
  </ws2007HttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="Host.ServiceBehavior" name="Wcf.MyWebService">
    <endpoint address="" behaviorConfiguration=""
              binding="ws2007HttpBinding" contract="Wcf.MyWebServiceSoap">
      <identity>
        <servicePrincipalName value="ServerMachineName" />
      </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding"
              contract="IMetadataExchange" />
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="Host.ServiceBehavior">
      <serviceMetadata httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceAuthorization impersonateCallerForAllOperations="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>

WCF service code:

// Class name must match the service name in the configuration (Wcf.MyWebService).
public class MyWebService : MyWebServiceSoap
{
   [OperationBehavior(Impersonation = ImpersonationOption.Required)]
   public string TestWebMethod()
   {
     DbDal dal = CreateDataAccessLayer();

     return dal.GetStringFromDatabase();
   }
}

Client configuration and code:

I am setting the following configuration items programmatically:

public void TestWebMethod()
{
  WS2007HttpBinding binding = new WS2007HttpBinding();
  EndpointAddress endpoint = new EndpointAddress("uri");
  ServiceClient client = new ServiceClient(binding, endpoint);
  client.ClientCredentials.Windows.AllowedImpersonationLevel =
                               TokenImpersonationLevel.Impersonation;
  client.ClientCredentials.Windows.AllowNtlm = true;
  string result = client.TestWebMethod();
  client.Close();
}

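1 answer:

Answer 0: (score: 1)

TokenImpersonationLevel.Impersonation allows the service to access resources local to the service, but it does not allow the service to access external resources (for example, other services).

You must set the allowed impersonation level to TokenImpersonationLevel.Delegation: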

client.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Delegation;
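
To confirm on the service side which impersonation level the client actually granted, the following added example (not code from the question or the answer) checks the caller's token before the database call is made. The class and method names are hypothetical, and it assumes Kerberos is negotiated and the service account is trusted for delegation in Active Directory.

```csharp
using System.Diagnostics;
using System.Security.Principal;
using System.ServiceModel;

// Added example: DelegationCheck, Explain and RequireDelegation are hypothetical names.
public static class DelegationCheck
{
    // What the service can do with the caller's token at each level.
    public static string Explain(TokenImpersonationLevel level)
    {
        switch (level)
        {
            case TokenImpersonationLevel.Delegation:
                return "token can be forwarded to another machine (e.g. the database server)";
            case TokenImpersonationLevel.Impersonation:
                return "token is usable for local resources only; a remote hop arrives as ANONYMOUS LOGON";
            case TokenImpersonationLevel.Identification:
                return "service can read the caller's identity but cannot act as the caller";
            default:
                return "no usable caller identity";
        }
    }

    // Call at the top of a service operation, before opening the database connection.
    public static void RequireDelegation()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
            throw new FaultException("Caller did not authenticate with Windows credentials.");

        WindowsIdentity caller = ctx.WindowsIdentity;
        TokenImpersonationLevel level = caller.ImpersonationLevel;

        // AuthenticationType shows Kerberos vs NTLM; NTLM tokens cannot be delegated.
        Trace.TraceInformation("caller={0} auth={1} level={2}: {3}",
            caller.Name, caller.AuthenticationType, level, Explain(level));

        // Fail early with a clear message instead of a SQL login error on the second hop.
        if (level != TokenImpersonationLevel.Delegation)
            throw new FaultException(
                "Caller granted " + level + "; Delegation is required to reach the database as the caller.");
    }
}
```

Calling `DelegationCheck.RequireDelegation()` as the first statement of `TestWebMethod()` turns the downstream login failure into an explicit fault and leaves a trace line showing the negotiated authentication type and level.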