All geek questions in one place

WCF and Window Pass Credentials

I have a website hosted on ServerA that runs using an application pool using a special user attribute with domain privileges to access our database. In the website configuration file, I specify:

    <identity impersonate="true" />

Then I have a service that is also located on ServerA and hosted in the console application programmatically (i.e. there is no configuration file), as shown below.

Uri uri = new Uri("net.tcp://ServerA:9900/Service/");

ServiceHost host = new ServiceHost(typeof(Service1), uri);

NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

ServiceEndpoint serviceEndpoint = host.AddServiceEndpoint(typeof(IService1), binding, uri);
EndpointAddress myEndpointAddress = new EndpointAddress(uri, EndpointIdentity.CreateSpnIdentity("MyspnName"));
serviceEndpoint.Address = myEndpointAddress;

host.Open();

When I open the browser on my local machine and go to the website, the website tries to connect to the WCF server and returns the error "The request for the security token could not be satisfied because authentication failed."

The website uses the following code to connect to the service:

Uri uri = new Uri("net.tcp://ServerA:9900/Service/");

NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

EndpointIdentity epid = EndpointIdentity.CreateSpnIdentity("MyspnName");
EndpointAddress endPoint = new EndpointAddress(uri, epid);
//EndpointAddress endPoint = new EndpointAddress(uri);

ChannelFactory<IService1> channel = new ChannelFactory<IService1>(binding, endPoint);
channel.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Delegation;
IService1 service = channel.CreateChannel();

service.PrintMessage("Print this message!");

PrintMessage, , , [OperationBehavior(Impersonation = ImpersonationOption.Required)] ...Allowed.. .

LocalHost, , . , impersonate = "false" web.config, , Windows WCF, .

, ? Pls , , , !

+3
2

Windows, :

 ServiceSecurityContext.Current.WindowsIdentity

WindowsIdentity , ".Name", ".Groups" , , .

WindowsIdentity NULL, Windows.

WCF IIS? - IIS7 , net.tcp.

, - Windows? IIS7.

+1

, , . , TCP. Google " " .

0

Source: https://habr.com/ru/post/1716479/

More articles:


All Articles