我是 WCF 的新手,但我有一个托管在 IIS 中的 WCF 服务,它对我们的 SQL Server 有多个查询。我正在使用 WPF 应用程序使用 WCF 服务。我想要做的是允许 Windows 身份验证从 WPF 客户端传递到 WCF 服务,再到 SQL Server,以便以客户端用户身份执行 SQL 查询。到目前为止,我一直在尝试以各种方式配置网站和主机,但没有成功。
在我的 WCF 服务网站上,我有 Anonymous Authentication=true(对于 MEX)、ASP.NET Impersonation=true 和 Windows Authentication=true。
在我的 WCF 服务 Web.config 中:
<configuration>
<system.web>
<customErrors mode="Off"/>
<authentication mode="Windows"/>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies>
</compilation>
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding maxReceivedMessageSize="5000000" name="WindowsSecurity">
<readerQuotas maxDepth="200"/>
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="ADATrackingService" behaviorConfiguration="ServiceBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="WindowsSecurity"
name="wsHttpEndpoint" contract="IADATrackingService" />
<endpoint address="mex" binding="mexHttpsBinding" name="MexHttpsBindingEndpoint"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization impersonateCallerForAllOperations="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
<connectionStrings>
<add name="ADATrackingEntities" connectionString="metadata=res://*/EntityModel.ADATrackingModel.csdl|res://*/EntityModel.ADATrackingModel.ssdl|res://*/EntityModel.ADATrackingModel.msl;provider=System.Data.SqlClient;provider connection string="data source=MYSERVER;initial catalog=ADATracking;integrated security=True;multipleactiveresultsets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
</configuration>
然后在我的 WPF 客户端 App.Config 中我有:
<configuration>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="WindowsAuthentication">
<clientCredentials>
<windows allowedImpersonationLevel="Delegation"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="5000000"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="200" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://MyService.svc"
binding="wsHttpBinding" behaviorConfiguration="WindowsAuthentication" bindingConfiguration="wsHttpEndpoint"
contract="ADATrackingService.IADATrackingService" name="wsHttpEndpoint">
<identity>
<servicePrincipalName value="host/MyServer.com" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
我的服务调用只是使用允许模拟的元数据从 SQL 返回简单查询。每次我运行客户端并从我的服务中调用某些东西时,即使在 IIS 中设置了 AnonymousAuthentication=false,我也会在打开“NT Authority/ANONYMOUS LOGIN”的数据连接时出错???任何帮助将不胜感激。谢谢!
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public List<IndividualDisability> GetIndividualDisabilities()
{
WindowsIdentity callerWindowsIdentity = ServiceSecurityContext.Current.WindowsIdentity;
if (callerWindowsIdentity == null)
{
throw new InvalidOperationException
("The caller cannot be mapped to a Windows identity.");
}
using (callerWindowsIdentity.Impersonate())
{
using (var context = new ADATrackingEntities())
{
return context.IndividualDisabilities.OfType<IndividualDisability>().Include("ADACode").Include("Individual").Include("Disability").ToList();
}
}
}
最佳答案
好吧,今天又浏览了一些。我终于让它工作了!问题是在事件目录中,我需要允许委派到 SQL Server 框。在 AD 中有一个设置,您必须在 Web 服务器框上进行设置,以允许它在端口 1433 上委托(delegate)给您的 SQl Server 框上的 SQl 服务。我还必须确保我在 Web 服务器上设置了 kerebos 身份验证。这篇博文准确地解释了我的情况,并帮助我从头到尾让它正常工作:
关于c# - IIS 托管 WCF 服务和使用 Windows 身份验证的 SQL 查询,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/8977821/