
Trying to obtain windows username of the client using WCF

Developer https://www.devze.com 2023-03-24 09:08 Source: web

I am trying to get the Windows user name of the client who is accessing the ASP.NET page that is being hosted on my local IIS. I am calling a WCF service within the ASP.NET page which returns the Windows username of the client. I came across so many posts regarding this, and most of them are suggesting that

  1. OperationContext.Current.ServiceSecurityContext.WindowsIdentity.Name
  2. HttpContext.Current.User.Identity.Name
  3. HttpContext.Current.User.Identity.Name

should work. The problem I am facing is that "1" is always returning Null. "2" and "3" are always returning my local user name and not the requesting user's name. Am I missing anything in the web.configs of both the ASP.NET page and the WCF service?

IIS properties: Integrated Windows authentication Enabled.

Here is the code.

WCF

public string GetWindowsUser()    
{
   string temp = OperationContext.Current.ServiceSecurityContext.WindowsIdentity.Name;
   string temp1 = HttpContext.Current.User.Identity.Name;
   string temp2 = HttpContext.Current.User.Identity.Name;
   return "Temp: "+temp+" \nTemp1: "+temp1+" \nTemp2: "+temp2;
}

WEB.Config

<system.web>
    <compilation debug="false" targetFramework="4.0"/>
</system.web>
<system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="BasicHttpBinding_IService1" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
                <security mode="None">
                    <transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
                    <message clientCredentialType="UserName" algorithmSuite="Default"/>
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost:4772/Services.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1" contract="WindowsAuthServices.IService1" name="BasicHttpBinding_IService1"/>
    </client>
</system.serviceModel>

ASP.NET Page:

protected void Page_Load(object sender, EventArgs e)
{
    WindowsAuthServices.Service1Client client = new WindowsAuthServices.Service1Client();
    lblWelcome.Text = client.GetWindowsUser();
}

Web.Config

<system.web>
    <compilation debug="true" targetFramework="4.0"/>
</system.web>
<system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="BasicHttpBinding_IService1" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
                <security mode="None">
                    <transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
                    <message clientCredentialType="UserName" algorithmSuite="Default"/>
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost:4772/Services.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1" contract="WindowsAuthServices.IService1" name="BasicHttpBinding_IService1"/>
    </client>
</system.serviceModel>


This is because your call is done on behalf of the identity under which the ASP.Net worker process runs and not under the identity of the user requesting the page (which is called impersonation).

From http://geekswithblogs.net/robz/archive/2007/10/03/wcf-impersonation---specifying-windows-authentication-credentials-on-the-service.aspx

1) The ASP.NET client web.config file needed to have impersonation set using the following markup (I put it under the authentication element as shown):

<authentication mode="Windows"/>
<identity impersonate="true"/>

2) The service behavior had to be configured to use Windows for permissions and to impersonate callers.

<serviceBehaviors>
    <behavior name="XXX.XXXXXXXXXXXX">
      <serviceMetadata httpGetEnabled="True"/>
      <serviceAuthorization principalPermissionMode="UseWindowsGroups" impersonateCallerForAllOperations="true" />
    </behavior>
</serviceBehaviors>
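
Both web.config files in the question set `<security mode="None">` on the binding, so no Windows credentials travel with the WCF call. The following is an added example, not code from the thread: a self-hosted service and client that share a `BasicHttpBinding` in `TransportCredentialOnly` mode with Windows client credentials, and a service method that checks for a missing or anonymous security context before reading the name. `IWhoAmI`, `WhoAmI` and the port are hypothetical; in the ASP.NET scenario the name returned is the worker process account unless impersonation is enabled as described above.

```csharp
// Added example, not code from the thread. Needs .NET Framework + System.ServiceModel.
// IWhoAmI, WhoAmI and the URL are hypothetical. Self-hosting over HTTP needs an
// elevated prompt or a URL reservation (netsh http add urlacl).
using System;
using System.ServiceModel;

[ServiceContract]
public interface IWhoAmI
{
    [OperationContract] string GetWindowsUser();
}

public class WhoAmI : IWhoAmI
{
    public string GetWindowsUser()
    {
        // With security mode "None" the binding carries no credentials, so there is
        // no security context to read; guard instead of dereferencing blindly.
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous || ctx.WindowsIdentity == null)
            return "(no authenticated Windows caller)";
        return ctx.WindowsIdentity.Name;
    }
}

public static class Program
{
    static BasicHttpBinding WindowsBinding()
    {
        // Code equivalent of <security mode="TransportCredentialOnly">
        //   <transport clientCredentialType="Windows"/></security>
        var b = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
        b.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        return b;
    }

    public static void Main()
    {
        var address = new Uri("http://localhost:8733/WhoAmI"); // hypothetical port
        using (var host = new ServiceHost(typeof(WhoAmI)))
        {
            host.AddServiceEndpoint(typeof(IWhoAmI), WindowsBinding(), address);
            host.Open();
            var factory = new ChannelFactory<IWhoAmI>(WindowsBinding(), new EndpointAddress(address));
            IWhoAmI proxy = factory.CreateChannel();
            Console.WriteLine(proxy.GetWindowsUser()); // account running this process
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
    }
}
```

`TransportCredentialOnly` sends the Windows handshake over plain HTTP; use `Transport` mode over HTTPS when the traffic leaves a trusted network.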


Our enterprise wants its site to open only for those using company devices (laptops). So they want the SharePoint site to use Windows authentication and not prompt for the username and password. If the Windows username matches one in the list of approved users, it should open, or else redirect to a different authentication page. Getting the 1st part done has been a problem.

So you just need your laptops to be connected to a Windows domain, use Integrated security, and set the correct security groups in SharePoint.

What you describe is not security and it will never work.


Sounds like you need to implement/configure your website for identity delegation. If you need to configure WCF for delegation, check out this MSDN article.


I finally found the solution. When other users are trying to access my local IIS using its IP, my local IIS assumes that it is an internet request and not an intranet request, and since it's Windows authentication, it works only with intranet requests. To solve this I had to host my website on one of our domain servers. Since the domain server was already set up such that only users in that domain can access it, it now has the Windows login info. And there ends my misery.
