【Question title】: Authentication Failed - Client to WCF to WCF Windows Authentication
【Posted】: 2015-06-13 20:39:24
【Question】:

I have a Windows Forms application that calls a "business" WCF service. Let's call it Business1. Business1 then calls Service1 - I want the credentials from the client to flow through Business1 into Service1.

Currently I get "Authentication failed" from Business1 - the call never even reaches the second service.

I have configured the services as follows:

Business1 config:

<system.serviceModel>
    <client>
        <endpoint address="http://cdm/ecm/DocumentManagement.svc" binding="wsHttpBinding"
            bindingConfiguration="ConversantDocumentManagement" contract="ECM.IDocumentManagement" behaviorConfiguration="DelegationBehavior"
            name="ConversantDocumentManagement">
        </endpoint>
    </client>
    <services>
        <service name="Conversant.Applications.Services.Prosecution.ProsecutionService" behaviorConfiguration="ProsecutionServiceBehavior" >
            <endpoint address="" binding="wsHttpBinding" name="ConversantProsecutionServiceEndpoint" contract="Conversant.Applications.Services.Prosecution.IProsecutionService" bindingConfiguration="ConversantProsecutionBinding"/>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
        </service>
    </services>
    <bindings>
        <wsHttpBinding>
            <binding name="ConversantProsecutionBinding" maxReceivedMessageSize="2147483647">
                <security mode="Message">
                    <message clientCredentialType="Windows" negotiateServiceCredential="true" />
                </security>
            </binding>
            <binding name="ConversantDocumentManagement">
                <security mode="Message">
                    <message clientCredentialType="Windows" negotiateServiceCredential="true" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior name="ProsecutionServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <serviceAuthorization impersonateCallerForAllOperations="true" />
            </behavior>
        </serviceBehaviors>
        <endpointBehaviors>
            <behavior name="DelegationBehavior">
                <clientCredentials>
                    <windows allowedImpersonationLevel="Delegation" allowNtlm="true" />
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <protocolMapping>
        <!--<add binding="basicHttpsBinding" scheme="https"/>
        <add binding="wsHttpBinding" scheme="https"/>-->
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>

Service1 config:

 <system.serviceModel>
    <services>
        <service behaviorConfiguration="ECMServiceBehavior" name="Conversant.Applications.Services.ECM.Authentication">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_Authentication"
                name="ConversantDocumentManagement" contract="Conversant.Applications.Services.ECM.IAuthentication" >

            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        </service>
        <service behaviorConfiguration="ECMServiceBehavior" name="Conversant.Applications.Services.ECM.DocumentManagement">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_DocumentManagement"
                name="ConversantDocumentManagement" contract="Conversant.Applications.Services.ECM.IDocumentManagement">

            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        </service>
    </services>
    <bindings>
        <basicHttpBinding>
            <binding name="BasicHttpBinding_DocumentManagement" receiveTimeout="00:05:00"
                maxReceivedMessageSize="2147483647" />
            <binding name="BasicHttpBinding_Authentication" />
            <binding name="BasicHttpBinding_ContentService" messageEncoding="Mtom" />
            <binding name="ECMServer_NoAuth" maxReceivedMessageSize="2147483647"
                transferMode="Streamed">
                <security mode="None" />
            </binding>
            <binding name="AuthenticationPortBinding" />
        </basicHttpBinding>
        <wsHttpBinding>
            <binding name="wsHttpBinding_DocumentManagement" receiveTimeout="00:05:00"
                maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" >
                <security mode="Message">
                    <message clientCredentialType="Windows" negotiateServiceCredential="true"/>
                </security>
            </binding>
            <binding name="wsHttpBinding_Authentication">
                <security mode="Message">
                    <message clientCredentialType="Windows" negotiateServiceCredential="true" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior name="ECMServiceBehavior">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <serviceAuthorization impersonateCallerForAllOperations="true" />
            </behavior>
        </serviceBehaviors>
        <endpointBehaviors>
            <behavior name="myBehavior">
                <clientCredentials>
                    <windows allowedImpersonationLevel="Impersonation" allowNtlm="true" />
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <protocolMapping>
        <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>

Finally, for completeness, the Windows Forms client (well, it's actually a unit test client at the moment - but same idea)

Client config:

 <system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="ConversantProsecutionServiceEndpoint" openTimeout="00:03:00"
                receiveTimeout="00:05:00" sendTimeout="00:05:00">
                <security mode="Message">
                    <message clientCredentialType="Windows" negotiateServiceCredential="true" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://cdm/prosecution/ProsecutionService.svc"
            binding="wsHttpBinding" bindingConfiguration="ConversantProsecutionServiceEndpoint"
            contract="ProsecutionService.IProsecutionService" name="ConversantProsecutionServiceEndpoint" behaviorConfiguration="DelegationBehavior">
        </endpoint>
    </client>
    <behaviors>
        <endpointBehaviors>
            <behavior name="DelegationBehavior">
                <clientCredentials>
                    <windows allowedImpersonationLevel="Delegation" allowNtlm="true" />
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
</system.serviceModel>

I want the call from Business1 to Service1 to be made as the currently logged-in user.

domain\johndoe should be the user throughout the entire call chain.

Does anyone have a link to an impersonation/delegation example using WCF?

Thanks!

【Question comments】:

  • Is it a multi-hop request? Is the call going from one server (the Business1 server) to a second server (Server1)?
  • Yes, it goes from Business1 to Service1. Both services are on the same server. I added SPN records for HTTP/hostname (and the FQDN) to the domain account the application pool runs under

Tags: c# .net wcf security impersonation


【Answer 1】:

If there is a multi-hop request and you want to pass Windows credentials from one server to another, you must set up a Service Principal Name (SPN) and delegation.

If you don't, you will not be able to pass the logged-in user's credentials in a multi-hop environment.

【Discussion】:

  • Yes, it goes from Business1 to Service1. Both services are on the same server. I added SPN records for HTTP/hostname (and the FQDN) to the domain account the application pool runs under
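As an added illustration, not code from the question or the answer: before chasing the SPN and delegation settings the answer refers to, it helps to see what token Business1 actually received on the first hop. The diagnostic operation below, which would sit in the Business1 service (the contract `IProsecutionDiagnostics`, the `WhoAmI` operation and the `.NET Framework 4.5+` requirement for `WindowsIdentity.ImpersonationLevel` are assumptions; only the configuration from the page is real), reports the caller's authentication package and impersonation level and refuses the second hop with an explicit fault when the token cannot be forwarded.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical diagnostic contract added to Business1 (not from the question).
[ServiceContract]
public interface IProsecutionDiagnostics
{
    [OperationContract]
    string WhoAmI();
}

public class ProsecutionDiagnostics : IProsecutionDiagnostics
{
    // ImpersonationOption.Required makes WCF fail fast when the caller's token
    // cannot be impersonated, instead of silently running as the app-pool account.
    // It is compatible with impersonateCallerForAllOperations="true" in the config.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string WhoAmI()
    {
        // Identity established by the wsHttpBinding Message/Windows security on hop 1.
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;

        // Identity of the executing thread; with impersonation it should equal the caller,
        // otherwise hop 2 would go out as the app-pool account.
        WindowsIdentity thread = WindowsIdentity.GetCurrent();

        // Hop 2 can only carry the user's identity when
        //  (1) hop 1 negotiated Kerberos (an NTLM token cannot be forwarded; with
        //      allowNtlm="true" a failed Kerberos negotiation falls back to NTLM silently), and
        //  (2) the token is at Delegation level, which needs allowedImpersonationLevel="Delegation"
        //      on the client AND the app-pool account trusted for delegation in AD with the
        //      HTTP/<host> SPN registered (requires .NET Framework 4.5+ for ImpersonationLevel).
        bool kerberos = string.Equals(caller.AuthenticationType, "Kerberos",
                                      StringComparison.OrdinalIgnoreCase);
        bool delegationLevel = caller.ImpersonationLevel == TokenImpersonationLevel.Delegation;

        string report = string.Format(
            "caller={0} auth={1} level={2} thread={3}",
            caller.Name, caller.AuthenticationType, caller.ImpersonationLevel, thread.Name);

        if (!kerberos || !delegationLevel)
        {
            // Surface the precise reason here rather than the generic
            // "Authentication failed" that the downstream service would raise.
            throw new FaultException("Second hop not possible: " + report);
        }

        return report;
    }
}
```

Calling `WhoAmI` from the client with the configuration shown in the question should return something like `caller=domain\johndoe auth=Kerberos level=Delegation thread=domain\johndoe` (constructed sample output). If `auth=NTLM` appears, Kerberos negotiation failed on the first hop; the usual cause is the SPN not matching the host name in the endpoint address (here `HTTP/cdm`), which can be checked with `setspn -L <app-pool account>`. If `level=Impersonation` appears despite `allowedImpersonationLevel="Delegation"`, the app-pool account is not yet trusted for delegation in Active Directory, which is the second half of what the answer calls for.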