尝试使用 WCF 获取客户端的 Windows 用户名
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6913765/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Trying to obtain windows username of the client using WCF
提问by Santosh
I am trying to get the Windows User name of the client who is accessing the ASP.NET page that is being hosted on my Local IIS. I am callign a WCF service within the ASP.NET page which returns the windows username of the client. I came across so many posts regarding and most of them are suggesting that
我正在尝试获取正在访问托管在我的本地 IIS 上的 ASP.NET 页面的客户端的 Windows 用户名。我在 ASP.NET 页面中调用 WCF 服务,该服务返回客户端的 Windows 用户名。我遇到了很多关于的帖子,其中大多数都在暗示
- OperationContext.Current.ServiceSecurityContext.WindowsIdentity.Name
- HttpContext.Current.User.Identity.Name
- HttpContext.Current.User.Identity.Name
- OperationContext.Current.ServiceSecurityContext.WindowsIdentity.Name
- HttpContext.Current.User.Identity.Name
- HttpContext.Current.User.Identity.Name
should work. The problems I am facing is "1" is always returning Null. "2" and "3" are always returning my local user name and not the requesting user's name. Am I missing anything in the web.configs of both ASP.NET and WCF service.
应该管用。我面临的问题是“1”总是返回 Null。“2”和“3”总是返回我的本地用户名而不是请求用户的名称。我在 ASP.NET 和 WCF 服务的 web.configs 中是否缺少任何内容。
IIS properties: Integrated Windows authentication Enabled.
IIS 属性:集成 Windows 身份验证已启用。
Here is the code.
这是代码。
WCF
周转基金
public string GetWindowsUser()
{
string temp = OperationContext.Current.ServiceSecurityContext.WindowsIdentity.Name;
string temp1 = HttpContext.Current.User.Identity.Name;
string temp2 = HttpContext.Current.User.Identity.Name;
return "Temp: "+temp+" \nTemp1: "+temp1+" \nTemp2: "+temp2;
}
WEB.Config
网页配置
<system.web>
<compilation debug="false" targetFramework="4.0"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IService1" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:4772/Services.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1" contract="WindowsAuthServices.IService1" name="BasicHttpBinding_IService1"/>
</client>
</system.serviceModel>
ASP.NET Page:
ASP.NET 页面:
protected void Page_Load(object sender, EventArgs e)
{
WindowsAuthServices.Service1Client client = new WindowsAuthServices.Service1Client();
lblWelcome.Text = client.GetWindowsUser();
}
Web.Config
网页配置
<system.web>
<compilation debug="true" targetFramework="4.0"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IService1" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:4772/Services.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1" contract="WindowsAuthServices.IService1" name="BasicHttpBinding_IService1"/>
</client>
</system.serviceModel>
回答by Oliver Weichhold
This is because your call is done on behalf of the identity under which the ASP.Net worker process runs and not under the identity of the user requesting the page (which is called impersonation).
这是因为您的调用是代表 ASP.Net 工作进程运行的身份而不是请求页面的用户身份(称为模拟)完成的。
1) The ASP.NET client web.config file needed to have impersonation set using the following markup (I put it under the authentication element as shown):
1) ASP.NET 客户端 web.config 文件需要使用以下标记设置模拟(我将它放在身份验证元素下,如图所示):
<authentication mode="Windows"/> <identity impersonate="true"/>
2) The service behavior had to be configured to use Windows for permissions and to impersonate callers.
2) 必须将服务行为配置为使用 Windows 获取权限并模拟调用者。
<serviceBehaviors>
<behavior name="XXX.XXXXXXXXXXXX">
<serviceMetadata httpGetEnabled="True"/>
<serviceAuthorization principalPermissionMode="UseWindowsGroups" impersonateCallerForAllOperations="true" />
</behavior>
</serviceBehaviors>
回答by Ladislav Mrnka
Our enterprise wants its site to open only those using company devices(laptops). So they want the sharepoint site to use Windows authentication and not prompting the username and password. If the windows username matches with the one in the list of approved users it should open or else redirect to different authentication page. getting 1st part done has been a problem.
我们的企业希望它的网站只打开那些使用公司设备(笔记本电脑)的网站。所以他们希望 sharepoint 站点使用 Windows 身份验证,而不是提示用户名和密码。如果 Windows 用户名与批准用户列表中的用户名匹配,则应打开或重定向到不同的身份验证页面。完成第一部分一直是个问题。
So you just need your laptops to be connected to windows domain and use Integrated security and set correct security groups in Sharepoint.
因此,您只需要将笔记本电脑连接到 Windows 域并使用集成安全并在 Sharepoint 中设置正确的安全组。
What you describe is not security and it will never work.
您所描述的不是安全性,它永远不会起作用。
回答by Sixto Saez
Sounds like you need to implement/configure your website for identity delegation.If you need to configure WCF for delegation, check out this MSDN article.
听起来您需要为身份委托实施/配置您的网站。如果您需要为委派配置 WCF,请查看这篇 MSDN 文章。
回答by Santosh
I finally found the solution. When the other user are trying to access my local IIS using IP, my local IIS assumes that it is an internet request and not intranet request and since its windows authentication, it works only with intranet requests. To solve this I had to host my website on one of our domain servers. Since the domain server was already setup such that only users in that domain can access it, now it has the windows login info. And there ends my misery.
我终于找到了解决方案。当其他用户尝试使用 IP 访问我的本地 IIS 时,我的本地 IIS 假定它是 Internet 请求而不是 Intranet 请求,并且由于其 Windows 身份验证,它仅适用于 Intranet 请求。为了解决这个问题,我不得不在我们的一台域服务器上托管我的网站。由于域服务器已经设置为只有该域中的用户可以访问它,现在它具有 Windows 登录信息。我的痛苦到此结束。
