我已经设法使用此 .config 使 Windows 身份验证与服务调用一起工作:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="Unsecured">
<security mode="None"/>
</binding>
<binding name="Secured">
<security mode="Message">
<message clientCredentialType="Windows"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehaviour" name="WebApplication.SecureService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="Secured" contract="WebApplication.ISecureService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Windows"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
在服务中,我可以看到谁使用以下方式登录:
OperationContext.Current.ServiceSecurityContext.PrimaryIdentity;
我想检查用户是否是特定角色的成员,所以我尝试启用以下roleManager功能:
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<clear/>
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
然后使用检查角色Roles
Roles.IsUserInRole(@"DOMANIN\Role");
or:
var id = OperationContext.Current.ServiceSecurityContext.PrimaryIdentity;
Roles.IsUserInRole(id.Name, @"DOMANIN\Role");
但两者都抛出异常:
“仅当用户名参数与当前 Windows 标识中的用户名匹配时,才支持该方法。”
此外,如果有一个属性来检查角色,那将是理想的,因为它会抛出正确的异常,而不是我自己处理它。
更新
我刚试过这个:
if (Roles.RoleExists(@"DOMANIN\Role"))
并得到了一个不同的例外:
“配置的角色提供程序 (WindowsTokenRoleProvider) 依赖于 Windows 身份验证来确定允许用户成为成员的组。ASP.NET 角色管理器不能用于管理 Windows 用户和组。如果您愿意,请使用 SQLRoleProvider支持自定义用户/角色分配。” 我将谷歌搜索,只是认为它可能会帮助那些为我看这个的人。