本文介绍了wcf wsHttpBinding并禁用匿名访问的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
http://blogs.msdn. com/drnick/archive/2007/03/23/preventing-anonymous-access.aspx
有人可以弄清楚是否可以在WCF中使用wsHttpBinding并在IIS中禁用匿名访问而无需传输(ssl)或消息安全性吗?
Can someone clarify whether it is possible to use wsHttpBinding in WCF and disable anonymous access in IIS without transport (ssl) or message security being required?
推荐答案
您是正确的,在描述wsHttpBinding的方案中,afaik要求我们使用内部WCF安全堆栈.所以您通常要做的是
you are right, afaik in the scenario you describe wsHttpBinding requires us to use the internal WCF security stack. So what you would typically do is
- 启用匿名访问
- 使用< serviceAuthorizationPrincipalPrincipalMode ="UseWindowsGroups"/> 创建serviceBehavior
- 使用PrincipalPermissionAttribute注释服务方法的每个具体实现,这是一个非常强大的工具,具有许多用于控制访问的选项
- leave anonymous access enabled
- create a serviceBehavior with <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
- annotate every concrete implementation of a service method using the PrincipalPermissionAttribute, which is a quite powerful tool with many different options to control access
这对您来说是可以接受的解决方案,还是有其他需要考虑的事情?
Would that be an acceptable solution for you or are there any other things to consider?
基本示例:
public class TestService : ITestService
{
[PrincipalPermission(SecurityAction.Demand, Name = "testdomain\\administrator")]
public string DoWork()
{
return "Hello World " + Thread.CurrentPrincipal.Identity.Name;
}
}
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="WcfSecurity.Www.TestServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceAuthorization principalPermissionMode="UseWindowsGroups" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="WcfSecurity.Www.TestServiceBehavior" name="WcfSecurity.Www.TestService">
<endpoint address="" binding="wsHttpBinding" contract="WcfSecurity.Www.ITestService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
这篇关于wcf wsHttpBinding并禁用匿名访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!