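I took over code from a developer who no longer works with us. It is a WCF web service that originally used a passed-in username, but we need it to use the WindowsIdentity instead.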
string identity = ServiceSecurityContext.Current.WindowsIdentity.Name;
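That code ends up returning an empty string. I'm using a secure (wsHttpSecure) binding, so ServiceSecurityContext.Current isn't null or anything. I've been searching for a solution for a day and haven't found anything yet.
Because I'm new to WCF, I'm not sure what other information is relevant. Here are the enabled authentication settings for the web service in IIS: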
Anonymous Authentication - Enabled
Windows Authentication - Enabled
Here is the web service's web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <connectionStrings>
    <clear />
    <add name="LocalSqlServer" connectionString="Data Source=.\instanceNameHere;Initial Catalog=default;Integrated Security=SSPI;"/>
  </connectionStrings>
  <appSettings configSource="appSettings.config" />
  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
        <listeners>
          <add name="traceListener" type="System.Diagnostics.XmlWriterTraceListener" initializeData="c:\ServiceLogs\WebServiceLog.svclog" />
        </listeners>
      </source>
    </sources>
  </system.diagnostics>
  <system.web>
    <trace enabled="true" />
    <membership defaultProvider="XIMembershipProvider" userIsOnlineTimeWindow="30">
      <providers>
        <clear/>
        <add name="XIMembershipProvider" type="LolSoftware.MiddleTier.BusinessLogic.XIMembershipProvider"
             applicationName="LolWebService"/>
      </providers>
    </membership>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <system.serviceModel>
    <client />
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <behaviors configSource="behaviors.config" />
    <bindings configSource="bindings.config" />
    <services configSource="services.config" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <handlers>
      <remove name="svc-ISAPI-4.0_64bit"/>
      <remove name="svc-ISAPI-4.0"/>
      <remove name="svc-Integrated-4.0"/>
      <add name="svc-ISAPI-4.0_64bit" path="*.svc" verb="*" modules="IsapiModule" scriptProcessor="%systemroot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" preCondition="classicMode,runtimeVersionv4.0,bitness64" />
      <add name="svc-ISAPI-4.0" path="*.svc" verb="*" modules="IsapiModule" scriptProcessor="%systemroot%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" preCondition="classicMode,runtimeVersionv4.0,bitness32" />
      <add name="svc-Integrated-4.0" path="*.svc" verb="*" type="System.ServiceModel.Activation.HttpHandler, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" resourceType="Unspecified" preCondition="integratedMode" />
    </handlers>
  </system.webServer>
</configuration>
And bindings.config:
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpSecure">
      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="None" />
        <message clientCredentialType="UserName" />
      </security>
    </binding>
    <binding name="wsHttp">
      <security mode="None" />
    </binding>
  </wsHttpBinding>
</bindings>
Behaviors.config:
<behaviors>
  <serviceBehaviors>
    <behavior name="serviceBehavior">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceThrottling maxConcurrentCalls="200" maxConcurrentSessions="200" />
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="XIMembershipProvider"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
  <!-- -->
  <endpointBehaviors>
    <behavior name="restBehavior">
      <webHttp/>
    </behavior>
  </endpointBehaviors>
  <!-- -->
</behaviors>
Service.config:
<services>
  <service name="LolSoftware.MiddleTier.WebService.LolWebService" behaviorConfiguration="serviceBehavior">
    <endpoint name="LolWebService_WSHttpEndpointSecure" contract="LolSoftware.MiddleTier.Interfaces.ILolWebService" binding="wsHttpBinding" bindingConfiguration="wsHttpSecure"/>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service>
</services>
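Thanks in advance.
Answer 0 (score: 7)
If you want to get the WindowsIdentity in the service, you must use Windows authentication instead of UserName authentication. Note that Windows authentication works only for Windows accounts in your domain. You should change the IIS configuration and disable anonymous access. Then change the wsHttpBinding configuration to: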
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpSecure">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
You don't need ASP.NET compatibility to use Windows authentication.
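A fail-closed way to read the caller's Windows account inside the service, so that a binding that does not carry Windows credentials is rejected instead of yielding an empty name. This is an added example, not part of the original answer or the asker's code base; the class and method names are hypothetical.

```csharp
using System.Diagnostics;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical helper (not from the original post): returns the caller's
// Windows account name, or refuses the call when the request was not
// authenticated with Windows credentials.
public static class CallerIdentity
{
    public static string RequireWindowsAccountName()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;

        // Current is null when the incoming message carries no security context.
        if (ctx == null || ctx.IsAnonymous)
            throw new SecurityAccessDeniedException("No authenticated caller.");

        WindowsIdentity windows = ctx.WindowsIdentity;

        // With message clientCredentialType="UserName" the caller is validated by
        // the membership provider, not by Windows. WCF then exposes an anonymous
        // WindowsIdentity whose Name is the empty string, which is the symptom
        // described in the question.
        if (windows == null || windows.IsAnonymous || !windows.IsAuthenticated
            || string.IsNullOrEmpty(windows.Name))
        {
            IIdentity primary = ctx.PrimaryIdentity;
            // Record server-side how the caller actually authenticated, to make
            // a binding misconfiguration easy to spot in the trace log.
            Trace.TraceWarning(
                "Rejected call without Windows credentials; primary identity type: {0}",
                primary != null ? primary.AuthenticationType : "(none)");
            throw new SecurityAccessDeniedException(
                "Windows authentication is required for this operation.");
        }

        return windows.Name; // e.g. DOMAIN\user
    }
}
```

Calling `CallerIdentity.RequireWindowsAccountName()` in place of the bare `ServiceSecurityContext.Current.WindowsIdentity.Name` lookup turns a silent empty string into an explicit access-denied error.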
Answer 1 (score: 0)
If you want to use the standard ASP.NET approach, you need to set ASP.NET compatibility to true:
<system.serviceModel>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>
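If you're hosting the service in IIS, that would be the first line of attack. There are other ways to get the identity, but this should work for you.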