将 Windows 凭据传递给远程 https WCF 服务

Question

我需要一些帮助，我正在尝试将 Windows 凭据传递给 WCF 服务。在 IIS 中，这些服务仅启用了 Windows 身份验证并通过 https 运行。

服务器端配置是：

<system.serviceModel>
<protocolMapping>
  <add scheme="https" binding="basicHttpBinding" bindingConfiguration="httpsBinding"/>
</protocolMapping>
<bindings>
  <basicHttpBinding>
    <binding name="httpsBinding">
      <security mode="Transport">
        <transport clientCredentialType="Windows"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<behaviors>
  <serviceBehaviors>
    <behavior>
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />          
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>

在客户端：

<system.serviceModel>
<bindings>
  <basicHttpBinding>
    <binding name="BasicHttpBinding_IMyService" maxBufferPoolSize="2147483647"
      maxReceivedMessageSize="2147483647">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<client>
  <endpoint address="https://myserver.net:4343/MyService.svc"
    binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IMyService"
    contract="MyServiceReference.IMyService" name="BasicHttpBinding_IMyService" />
</client>

我正在尝试以这种方式使用该服务：

Client = new MyServiceClient();
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
binding.MaxReceivedMessageSize = int.MaxValue;
binding.MaxBufferPoolSize = long.MaxValue;
binding.MaxBufferSize = int.MaxValue;

EndpointAddress ep = new EndpointAddress("https://myserver.net:4343/MyService.svc");
Client = new COMINTSServiceClient(binding, ep);
Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;
Client.ClientCredentials.Windows.ClientCredential =  System.Net.CredentialCache.DefaultNetworkCredentials;
Client.Open();
Array[] obj = Client.RandomMethod();

这段代码对我不起作用：

    Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;
    Client.ClientCredentials.Windows.ClientCredential =  System.Net.CredentialCache.DefaultNetworkCredentials;

在服务中，当要求使用ServiceSecurityContext.Current.WindowsIdentity.Nameallways get调用服务的用户时：ISS APPPOOL\ASP.NET v4.0而不是正在调用的域\用户

---

使其工作的唯一方法是写入用户名和密码而不是 DefaultNetworkCredentials。

Client.ClientCredentials.Windows.ClientCredential.UserName = "DOMAIN\\user";
Client.ClientCredentials.Windows.ClientCredential.Password = "passw";

但我不想要硬编码的用户/密码。请问有什么帮助吗？

Answer 1

尝试：

Client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;

保留来自 的作业CredentialCache。