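【Question title】: Implementing IIS hosted WCF service with AzMan role provider
【Posted】: 2015-02-24 09:44:12
【Question description】:

I am trying to implement a WCF service hosted on IIS, where users ask for some template file transformation and get the processed file back (if they are authorized to use the template they asked for).
I chose the Visual Studio project template "WCF Service Application" and got a project with aspNetCompatibilityEnabled set to true, etc.
I considered using AzMan authorization to implement my requirement, because I am familiar with the mechanism and have done something similar with it.
However, I cannot debug the service, because I get 401 Unauthorized. I assume the user token is not being sent.

1. How do I enable AzMan usage for a WCF, IIS-hosted service?
2. Is there a similar mechanism built into WCF that can help check whether a user belongs to a group that is allowed to access a certain site folder?

Configuration: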

    <configuration>
      <connectionStrings>
        <add name="LocalPolicyStore" connectionString="msxml://c:/RolesData/azmanstore.xml" />
      </connectionStrings>
      <appSettings>
        <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
      </appSettings>
      <system.web>
        <compilation debug="true" targetFramework="4.5" />
        <httpRuntime targetFramework="4.5"/>
        <authentication mode="Windows" />
        <authorization>
          <deny users="?" />
        </authorization>
        <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="RoleManagerAzManProvider" cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="30" cookieRequireSSL="true" cookieSlidingExpiration="true" createPersistentCookie="false" cookieProtection="All">
          <providers>
            <add name="RoleManagerAzManProvider" type="System.Web.Security.AuthorizationStoreRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, publicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalPolicyStore" applicationName="DRP" />
          </providers>
        </roleManager>
      </system.web>
      <system.serviceModel>
        <behaviors>
          <serviceBehaviors>
            <behavior name="metadataBehavior">
              <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="false"/>

              <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                                    roleProviderName="RoleManagerAzManProvider" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <services>
          <service name="ExcelGeneratingService.ExcelGeneratorService" behaviorConfiguration="metadataBehavior">
            <endpoint
              address=""
              binding="basicHttpBinding" bindingConfiguration="excelGeneratorServiceBinding"
              contract="ExcelGeneratingService.IExcelGeneratorService"/>
            <endpoint
              address="mex"
              binding="mexHttpBinding"
              contract="IMetadataExchange"/>
          </service>
        </services>
        <bindings>
          <basicHttpBinding>
            <binding name="excelGeneratorServiceBinding">
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Windows" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <protocolMapping>
          <add binding="basicHttpsBinding" scheme="https" />
        </protocolMapping>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
        <!--
          To browse web app root directory during debugging, set the value below to true.
          Set to false before deployment to avoid disclosing web app folder information.
        -->
        <directoryBrowse enabled="true"/>
      </system.webServer>
    </configuration>

Code:

    // Check if the user is allowed to access this path
    if (!UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtPath, user, "GET"))
    {
        return false;
    }

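【Question discussion】:

    Tags: asp.net web-services wcf iis authorization


    【Solution 1】:

    I have solved it. I hope it will help someone.

    1. Some fixes to the configuration (attached). All users are allowed, but filtered at the lower-level folders.
    2. Install the missing authorization handlers on the operating system's IIS (Turn Windows features on...)
    3. Use the local IIS instead of IIS Express in Visual Studio
    4. If the IIS virtual folder creation fails, clean the IIS Express configuration in the user data folder (C:\Users\\Documents\IISExpress\config)
    5. Grant the service application pool user (from IIS) reader security permission on my AzMan store (in the AzMan console).

    Configuration: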

        <?xml version="1.0" encoding="UTF-8"?>
        <configuration>
          <connectionStrings>
            <add name="LocalPolicyStore" connectionString="msxml://c:/RolesData/ExcelGeneration.xml" />
          </connectionStrings>
          <appSettings>
            <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
          </appSettings>
          <system.web>
            <compilation debug="true" targetFramework="4.5" />
            <httpRuntime targetFramework="4.5" />
            <authentication mode="Windows" />
            <authorization>
              <allow users="*" />
            </authorization>
            <identity impersonate="false" />
            <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="RoleManagerAzManProvider" cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="30" cookieRequireSSL="true" cookieSlidingExpiration="true" createPersistentCookie="false" cookieProtection="All">
              <providers>
                <add name="RoleManagerAzManProvider" type="System.Web.Security.AuthorizationStoreRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, publicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalPolicyStore" applicationName="ExcelGeneration" />
              </providers>
            </roleManager>
          </system.web>
          <system.serviceModel>
            <behaviors>
              <serviceBehaviors>
                <behavior name="metadataBehavior">
                  <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                  <serviceDebug includeExceptionDetailInFaults="true" />
                  <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                                        roleProviderName="RoleManagerAzManProvider" />
                </behavior>
              </serviceBehaviors>
            </behaviors>
            <services>
              <service name="ExcelGeneratingService.ExcelGeneratorService" behaviorConfiguration="metadataBehavior">
                <endpoint address="" bindingConfiguration="excelGeneratorServiceBinding" binding="basicHttpBinding" contract="ExcelGeneratingService.IExcelGeneratorService">
                  <identity>
                    <dns value="localhost" />
                  </identity>
                </endpoint>
                <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
              </service>
            </services>
            <bindings>
              <basicHttpBinding>
                <binding name="excelGeneratorServiceBinding">
                  <security mode="TransportCredentialOnly">
                    <transport clientCredentialType="Windows" />
                  </security>
                </binding>
              </basicHttpBinding>
            </bindings>
            <protocolMapping>
              <add binding="basicHttpsBinding" scheme="https" />
            </protocolMapping>
            <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
          </system.serviceModel>
          <system.webServer>
            <modules runAllManagedModulesForAllRequests="true" />
            <!--
              To browse web app root directory during debugging, set the value below to true.
              Set to false before deployment to avoid disclosing web app folder information.
            -->
            <directoryBrowse enabled="true" />
          </system.webServer>
        </configuration>
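
The folder-level filtering from step 1 of the answer, combined with the question's `CheckUrlAccessForPrincipal` check, as an added example that is not part of the original post. The `~/Templates/<group>/` layout, the role name `FinanceTemplateUsers`, and the `TemplateAccess` / `ResolveTemplate` names are assumptions.

```csharp
// Added example. Assumed names: the ~/Templates/<group>/ layout, the AzMan role
// "FinanceTemplateUsers", TemplateAccess and ResolveTemplate.
//
// Assumed ~/Templates/Finance/web.config (folder-level filter; the root
// web.config keeps <allow users="*" />), inside <configuration>:
//   <system.web>
//     <authorization>
//       <allow roles="FinanceTemplateUsers" />
//       <deny users="*" />
//     </authorization>
//   </system.web>
using System;
using System.Security.Principal;
using System.ServiceModel.Security;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Hosting;
using System.Web.Security;

public static class TemplateAccess
{
    // Plain names only: no path separators, no "..", no leading dot.
    private static readonly Regex SafeName =
        new Regex(@"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\z", RegexOptions.Compiled);

    // Returns the physical path of the template, or throws if the caller's
    // roles do not pass the folder's <authorization> rules.
    public static string ResolveTemplate(string group, string fileName)
    {
        if (group == null || fileName == null ||
            !SafeName.IsMatch(group) || !SafeName.IsMatch(fileName))
            throw new ArgumentException("Invalid template name.");

        // Needs aspNetCompatibilityEnabled="true"; with roleManager enabled,
        // User.IsInRole() is answered by the configured AzMan role provider.
        HttpContext ctx = HttpContext.Current;
        IPrincipal user = ctx != null ? ctx.User : null;
        if (user == null || !user.Identity.IsAuthenticated)
            throw new SecurityAccessDeniedException("Caller is not authenticated.");

        string virtPath = "~/Templates/" + group + "/" + fileName;
        // Same check as in the question, evaluated against the merged web.config rules.
        if (!UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtPath, user, "GET"))
            throw new SecurityAccessDeniedException("Access to the template is denied.");

        return HostingEnvironment.MapPath(virtPath);
    }
}
```

Validating the name before building the virtual path keeps a caller-supplied value from pointing the authorization check at a different folder than the one the file is later read from.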
    

    【Discussion】:
