将Windows凭据传递给远程https WCF服务
我需要一些帮助,我正在尝试将Windows凭据传递给WCF服务。 在IIS中,仅为这些服务启用Windows身份validation,并通过https运行。
服务器端配置是:
在客户端:
我试图以这种方式使用服务:
Client = new MyServiceClient(); BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport); binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows; binding.MaxReceivedMessageSize = int.MaxValue; binding.MaxBufferPoolSize = long.MaxValue; binding.MaxBufferSize = int.MaxValue; EndpointAddress ep = new EndpointAddress("https://myserver.net:4343/MyService.svc"); Client = new COMINTSServiceClient(binding, ep); Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification; Client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials; Client.Open(); Array[] obj = Client.RandomMethod();
此代码对我不起作用:
Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification; Client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
在服务中,当使用ServiceSecurityContext.Current.WindowsIdentity.Name
询问正在调用服务的用户时,总是得到: ISS APPPOOL \ ASP.NET v4.0而不是正在调用的域\用户
使其工作的唯一方法是编写用户名和密码,而不是DefaultNetworkCredentials。
Client.ClientCredentials.Windows.ClientCredential.UserName = "DOMAIN\\user"; Client.ClientCredentials.Windows.ClientCredential.Password = "passw";
但我不希望用户/密码硬编码。 有什么帮助吗?
尝试:
Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
保留CredentialCache
的作业。