1

我正在使用Microsoft.IdentityModel.dllSet & Get 中的声明WCF。我还实施MessageInspectors了设置索赔。因此,我正在ClaimsIdentity从客户端添加如下请求标头。

public object BeforeSendRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
{
    var claims = new List<Claim> { new Claim(UserIdClaim, "12345"), };
    ClaimsIdentity claimsIdentity = new ClaimsIdentity(claims);
    MessageHeader<ClaimsIdentity> header = new MessageHeader<ClaimsIdentity>(claimsIdentity);
    var untypedHeader = header.GetUntypedHeader(ClaimsName, ClaimsNameSpace);
    request.Headers.Add(untypedHeader);

    return null;
}

而服务端,

public object AfterReceiveRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel, System.ServiceModel.InstanceContext instanceContext)
{
    ClaimsIdentity claimsIdentity = request.Headers.GetHeader<ClaimsIdentity>(ClaimsName, ClaimsNameSpace);
    var claimsIdentitylst = new ClaimsIdentityCollection(new List<IClaimsIdentity> { claimsIdentity });
    IClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(claimsIdentitylst);
    Thread.CurrentPrincipal = claimsPrincipal;

    return null;
}

我正在尝试访问方法 implementation( OperationContract) 中 的声明值,AfterReceiveRequest如下所示。但索赔在 中不可用Thread.CurrentPrincipal

var userIdClaim = ((IClaimsIdentity)Thread.CurrentPrincipal.Identity).Claims.First(c => c.ClaimType == UserIdClaim);

userIdClaim此处为空。

有任何想法吗?

4

2 回答 2

3

Well - besides what you are doing is very uncommon practice - there is only one place in the WCF pipeline where you can safely set Thread.CurrentPrincipal. That's in a service authorization manager when PrincipalPermissionMode is set to Custom.

Typically you would rather pass the claims as part of a security token (like SAML) and let WCF do the server side plumbing for you.

于 2013-05-06T06:51:58.110 回答
0

您可能有充分的理由手动执行此操作,但 wcf 中的身份传递是使用 wsFederationHttpBinding 开箱即用处理的。您可以在 WIF SDK 或在线http://msdn.microsoft.com/nl-be/library/aa355045.aspx中找到示例。

于 2013-05-05T18:11:48.867 回答