对于 SharePoint 2010,我们使用自定义 Web 服务(不是 SOAP!)使一些第 3 方数据可用于浏览器显示的页面中的 JS 代码。这是敏感数据,因此我们使用模拟来确保只有正确的用户才能访问它。我们的解决方案在 SharePoint 2013 中不再适用。由于原始解决方案相当复杂,我在 SP 2013 中构建了一个小而简单的服务,以研究如何设置具有模拟的 Web 服务。该服务部署到 ISAPI 的子文件夹。
这是没有模仿的基础,它有效:
测试服务.svc:
<%@ ServiceHost
Language="C#"
Debug="true"
Service="Sandbox.TestService, $SharePoint.Project.AssemblyFullName$"
CodeBehind="TestService.svc.cs"
Factory="Microsoft.SharePoint.Client.Services.MultipleBaseAddressWebServiceHostFactory, Microsoft.SharePoint.Client.ServerRuntime, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
TestService.svc.cs 后面的代码是:
using Microsoft.SharePoint.Client.Services;
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel.Activation;
using System.ServiceModel;
using System.ServiceModel.Web;
namespace Sandbox
{
[ServiceContract]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class TestService
{
[OperationContract]
[WebGet(UriTemplate = "GetAllNumbers",
ResponseFormat = WebMessageFormat.Json)]
List<int> GetAllNumbers()
{
List<int> result = new List<int>();
result.AddRange(new[] { 1, 1, 2, 3, 5, 8, 13 });
return result;
}
}
}
当我在
http://pc00175/_vti_bin/Sandbox/TestService.svc/GetAllNumbers
上执行 GET 时我收到了预期的共鸣[1,1,2,3,5,8,13]
.到目前为止还好。现在我尝试使用模拟:using Microsoft.SharePoint.Client.Services;
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel.Activation;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.Security.Principal;
namespace Sandbox
{
[ServiceContract]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class TestService
{
[OperationContract]
[WebGet(UriTemplate = "GetAllNumbers",
ResponseFormat = WebMessageFormat.Json)]
List<int> GetAllNumbers()
{
List<int> result = new List<int>();
WindowsImpersonationContext ctx = ServiceSecurityContext.Current.WindowsIdentity.Impersonate();
try
{
result.AddRange(new[] { 1, 1, 2, 3, 5, 8, 13 });
}
finally
{
ctx.Undo();
}
return result;
}
}
}
现在我得到一个 System.InvalidOperationException 消息“匿名身份无法执行模拟”。调用
ServiceSecurityContext.Current.WindowsIdentity.Impersonate()
时.我需要告诉 WCF 我们需要模拟该调用。所以我添加了一个属性[OperationBehavior(Impersonation=ImpersonationOption.Required)]
:using Microsoft.SharePoint.Client.Services;
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel.Activation;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.Security.Principal;
namespace Sandbox
{
[ServiceContract]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class TestService
{
[OperationContract]
[WebGet(UriTemplate = "GetAllNumbers",
ResponseFormat = WebMessageFormat.Json)]
[OperationBehavior(Impersonation=ImpersonationOption.Required)]
List<int> GetAllNumbers()
{
List<int> result = new List<int>();
WindowsImpersonationContext ctx = ServiceSecurityContext.Current.WindowsIdentity.Impersonate();
try
{
result.AddRange(new[] { 1, 1, 2, 3, 5, 8, 13 });
}
finally
{
ctx.Undo();
}
return result;
}
}
}
现在我在 SharePoint 日志中发现以下错误:
Error when open web service: System.InvalidOperationException: The contract operation 'GetAllNumbers' requires Windows identity for automatic impersonation. A Windows identity that represents the caller is not provided by binding ('WebHttpBinding','http://tempuri.org/') for contract ('TestService','http://tempuri.org/'. at System.ServiceModel.Dispatcher.SecurityValidationBehavior.WindowsIdentitySupportRule.ValidateWindowsIdentityCapability(Binding binding, ContractDescription contract, OperationDescription operation) at System.ServiceModel.Dispatcher.SecurityValidationBehavior.WindowsIdentitySupportRule.Validate(ServiceDescription description) at System.ServiceModel.Dispatcher.SecurityValidationBehavior.System.ServiceModel.Description.IServiceBehavior.Validate(ServiceDescriptio...
然后我猜我必须在 TestService.svc 旁边添加一个 web.config 并添加 TransportCredentialsOnly 模式,但这没有帮助:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding>
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm"/>
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
我在 SharePoint 日志文件中收到相同的错误。
我希望有人对我有提示。
谢谢你读到这里!
彼得
最佳答案
如果你想使用 REST,为什么不简单地为此创建一个应用程序呢?这比在 SharePoint 中公开 WCF 服务要容易得多。然后,您可以配置自己的安全设置。
这个article应该可以帮助你。
关于web-services - SharePoint 2013 中的自定义 Web 服务与模拟,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26546495/