1

从无安全性切换到证书时,我在IAuthorizationPolicy.Evaluate (evaluationContext.Properties.TryGetValue("Identities", out obj)? 这是设计使然:

由此 :

<binding name="NetTcpBinding_IMyAppClientServiceRegular" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="10" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
          <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
          <security mode="None">
            <transport clientCredentialType="None"/>
          </security>
        </binding>

对此:

<binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="1000" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="200" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
          <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
          <security>
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>

有什么方法可以避免在 IAuthorizationPolicy.Evaluate 中获取 WindowsIdentity?我只希望在使用此绑定时设置 WindowsIdentity :

<binding name="NetTcpBinding_IMyAppClientServiceWindows" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="10" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
          <reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
          <security mode="Message">
            <message clientCredentialType="Windows"/>
          </security>
4

1 回答 1

0

我注意到您没有<security>在 netTcpCertificate 配置中设置模式,而不是您可能想要的:<security mode="Message">. 通过不设置该mode属性,WCF 将使用默认值ofTransport而不是Message您可能想要的证书凭据。当模式设置为传输时,WCF 可能正在传递 Windows 标识,但我没有尝试验证它。

更新:根据下面的评论,您应该确保客户端配置文件端点>indentity>dns>value 与服务器证书CN=值的名称匹配。根据您输入的内容,此值需要为 MyAppServer。

于 2013-01-30T15:06:03.020 回答