1

我需要在我的应用程序中使用 Windows 身份验证以及使用 Windows Identity Foundation 的基于声明的授权。我为我的服务使用了以下配置。

<system.identityModel>
   <identityConfiguration>
      <claimsAuthorizationManager type="Framework.Authorization.AuthorizationManager, ClaimsAuthorizationService"/>
   </identityConfiguration>
</system.identityModel>

<system.serviceModel>
    <bindings>
      <customBinding>
        <binding name="CustomTcpBinding" maxConnections="50" openTimeout="01:20:00" receiveTimeout="20.00:00:00" sendTimeout="00:05:00" closeTimeout="01:20:00">
          <security authenticationMode="Kerberos" />
          <reliableSession/>
          <windowsStreamSecurity protectionLevel="None"/>
          <tcpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
        </binding>
      </customBinding>
    </bindings>

    <services>
        <service behaviorConfiguration="Framework.Authorization.DummyRebServiceBehavior" name="Framework.Authorization.DummyRebService">
            <endpoint address="IDummyRebService" 
                      binding="customBinding" bindingConfiguration="CustomTcpBinding" 
                      contract="Framework.Authorization.IDummyRebService" 
                      name="IDummyRebService"/>
            <endpoint address="mex" 
                      binding="mexTcpBinding"
                      contract="IMetadataExchange"/>
            <host>
                <timeouts closeTimeout="00:00:01"/>
                <baseAddresses>
                    <add baseAddress="net.tcp://localhost:8234//DummyRebService"/>
                </baseAddresses>
            </host>
        </service>
    </services>

    <behaviors>
        <serviceBehaviors>
            <behavior name="Framework.Authorization.DummyRebServiceBehavior">
                <serviceCredentials useIdentityConfiguration="true" />
                <serviceAuthorization principalPermissionMode="Always" />  
                <serviceMetadata httpGetEnabled="True"/>
                <dataContractSerializer maxItemsInObjectGraph="1000000000"/>
                <serviceDebug includeExceptionDetailInFaults="True"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

我在通过反复试验工作时遇到了一些或其他问题,但找不到确定的解决方案。目前服务无法启动,因为“需要两种方式的合同,但绑定不支持...”错误。除此之外,每当我尝试在 WCF 测试客户端中添加服务时,我在 AuthorizationManager 的 CheckAccess 方法(派生自 ClaimsAuthorizationManager)中将 userName (authorizationContext.Principal.Identity.Name) 设为 null。

基本上我需要配置服务,以便 WCF 服务在收到客户端调用时获取 Windows 主体。

任何帮助,将不胜感激。如果需要,我可以提供更多详细信息。

4

1 回答 1

0

经过多次试验和错误,以下配置对我有用。

<configuration>
    <configSections>
      <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    </configSections>

      <system.identityModel>
        <identityConfiguration>
          <claimsAuthenticationManager type = "Framework.Services.Security.PrincipalTransformer, ClaimsAuthorizationService"/>
          <claimsAuthorizationManager type="Framework.Services.Security.AuthorizationManager, ClaimsAuthorizationService"/>
        </identityConfiguration>
      </system.identityModel>

    <system.serviceModel>
      <bindings>
        <customBinding>
          <binding name="CustomTcpBinding" closeTimeout="01:20:00" openTimeout="00:00:30"
            receiveTimeout="20.00:00:00" sendTimeout="00:05:00">
            <reliableSession />
            <windowsStreamSecurity protectionLevel="None" />
            <tcpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
          </binding>
        </customBinding>
      </bindings>

      <services>
        <service behaviorConfiguration="Framework.Authorization.DummyRebServiceBehavior" name="Framework.Authorization.DummyRebService">
          <endpoint address="IDummyRebService"
                    binding="customBinding" bindingConfiguration="CustomTcpBinding"
                    contract="Framework.Authorization.IDummyRebService"
                    name="IDummyRebService"/>
          <endpoint address="mex"
                    binding="mexTcpBinding"
                    contract="IMetadataExchange"/>
          <host>
            <timeouts closeTimeout="00:00:01"/>
            <baseAddresses>
              <add baseAddress="net.tcp://localhost:8234//DummyRebService"/>
            </baseAddresses>
          </host>
        </service>
      </services>

      <behaviors>
        <serviceBehaviors>
          <behavior name="Framework.Authorization.DummyRebServiceBehavior">
            <serviceSecurityAudit auditLogLocation="Application" messageAuthenticationAuditLevel="SuccessOrFailure" serviceAuthorizationAuditLevel="SuccessOrFailure"  suppressAuditFailure="True"/>
            <serviceCredentials useIdentityConfiguration="true"/>
            <serviceAuthorization principalPermissionMode="Always"/>
            <serviceMetadata httpGetEnabled="False"/>
            <dataContractSerializer maxItemsInObjectGraph="1000000000"/>
            <serviceDebug includeExceptionDetailInFaults="True"/>
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>

    <startup>
      <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
    </startup>
   </configuration>
于 2014-05-12T15:03:11.757 回答