WCF Windows身份验证

Question

我想我们的WCF服务返回当前登录的用户名。我在我的服务调用此，

HttpContext.Current.User.Identity.Name 

然而，我不想用户我的Silverlight应用程序对WCF服务的调用时显示一个NT挑战。目前，我禁用了匿名访问并启用了集成身份验证，但由于此原因，我无法将该服务添加到VS2010中的服务参考中。我该怎么做？还应该为WCF服务的web.config设置。我目前使用安全模式设置为None的basicHttpBinding。

添加Web.config文件： 服务器：

<system.serviceModel> 
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/> 
<behaviors> 
<serviceBehaviors> 
<behavior name="MyService.MyServiceBehavior"> 
<serviceMetadata httpGetEnabled="true"/> 
<serviceDebug includeExceptionDetailInFaults="true"/> 
<dataContractSerializer maxItemsInObjectGraph="2147483647"/> 
</behavior> 
</serviceBehaviors> 
</behaviors> 
<bindings> 
<basicHttpBinding> 
<binding name="BasicHttpBinding_MyService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" receiveTimeout="00:40:00" openTimeout="00:40:00" closeTimeout="00:40:00" sendTimeout="00:40:00"> 
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/> 
<security mode="None"/> 
</binding> 
</basicHttpBinding> 
<customBinding> 
<binding name="MyService.MyService.customBinding0"> 
<binaryMessageEncoding/> 
<httpTransport/> 
</binding> 
</customBinding> 
</bindings> 
<services> 
<service behaviorConfiguration="MyService.MyServiceBehavior" name="MyService.MyService"> 
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService" name="BasicHttpBinding_MyService" contract="MyService.IMyService"/> 
</service> 
</services> 
</system.serviceModel> 

客户：

<system.serviceModel> 
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/> 
<behaviors> 
<serviceBehaviors> 
<behavior name="MyService_Behavior"> 
<serviceDebug includeExceptionDetailInFaults="true"/> 
<serviceMetadata httpGetEnabled="true"/> 
</behavior> 
</serviceBehaviors> 
<endpointBehaviors> 
<behavior name="r1"> 
<dataContractSerializer maxItemsInObjectGraph="2147483647"/> 
</behavior> 
</endpointBehaviors> 
</behaviors> 
<bindings> 
<basicHttpBinding> 
<binding name="BasicHttpBinding_MyService" closeTimeout="00:03:00" openTimeout="00:03:00" receiveTimeout="00:10:00" sendTimeout="00:03:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> 
<security mode="None"/> 
</binding> 
</basicHttpBinding> 
</bindings> 
<client> 
<endpoint address="http://localhost:8080/MyService/MyService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService" contract="MyService.IMyService" name="BasicHttpBinding_MyService" behaviorConfiguration="r1"/> 
</client> 
</system.serviceModel> 

Answer 1

尝试添加以下端点对你的态度终点，与psudo客户端配置如下

<behaviors> 
    <endpointBehaviors> 
     <behavior name="WindowsBehavior"> 
      <clientCredentials> 
       <windows allowNtlm="false" allowedImpersonationLevel="Delegation"></windows> 
      </clientCredentials> 
      <dataContractSerializer maxItemsInObjectGraph="4194304"></dataContractSerializer> 
     </behavior> 
    </endpointBehaviors> 
</behaviors> 


<endpoint address="http://server/web.svc" behaviorConfiguration="WindowsBehavior" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Service" contract="IMyContract" name="BasicHttpBinding_Service"> 

Answer 2

您需要在服务绑定配置中启用Windows身份验证。即 参考你这种结合cinfig绑定定义部分

<bindings> 
     <basicHttpBinding> 
      <binding name="basicBindingCfg"> 
       <security mode="TransportCredentialOnly"> 
        <transport clientCredentialType="Windows" /> 
       </security> 
      </binding> 
     </basicHttpBinding> 
    </bindings> 

也是在你的web配置你需要设置Windows身份验证

和使用授权标签用户允许：

<authentication mode="Windows"/> 
    <authorization> 
     <allow roles="<NT group>"/> 
     <allow users="<user name>"/> 
     <deny users="*"/> 
    </authorization>