I've got a simple client-server application based on TcpClient/TcpListener and SslStream. Clients can authenticate themselves to the server using a X509Certificate or by sending a user name and password after the SslStream has been established.WCF makes use of the System.IdentityModel namespace for authentication purposes, but apparently that can be used in arbitrary applications--which sounds interesting. Information on how to do this is sparse though (or my Google foo is weak today).So, my question is: What do I need to do to integrate System.IdentityModel with my application? I'm not sure if I need all that ClaimSet stuff, but it would be nice if users could log in just using their Windows account or any other provided authentication mechanism. (Unfortunately I can't just switch to WCF but have to use the custom protocol, although I can make some changes to it if necessary.) 解决方案 My Google foo was indeed weak. The answer is right behind the link in my question. So here are a couple of links to this blog in case somebody has the same question eventually.First, you should try to understand "that claim set stuff":ClaimsClaim SetsInspecting Claim SetsWindows and X509Certificate Claim SetsTypical Operations on Claim SetsThen, you need to know where claim sets come from:Authorization Policies, Context and Claims TransformationClaims Transformation in WCFAuthorization Context and Claims Transformation outside of WCFArmed with this knowledge, it actually becomes quite simple.If I understand it correctly, the basic workflow would be something like this:Client creates a SecurityToken using a SecurityTokenProviderClient serializes the SecurityToken using a SecurityTokenSerializerServer deserializes the SecurityToken using a SecurityTokenSerializerServer creates IAuthorizationPolicys using a SecurityTokenAuthenticatorServer creates AuthorizationContext from IAuthorizationPolicysDoneExample:// Create the SecurityTokenProvidervar p = new UserNameSecurityTokenProvider("username", "password");// Get the SecurityToken from the SecurityTokenProvidervar t = p.GetToken(TimeSpan.FromSeconds(1.0)) as UserNameSecurityToken;// ... transmit SecurityToken to server ...// Create the SecurityTokenAuthenticatorvar a = new CustomUserNameSecurityTokenAuthenticator( UserNamePasswordValidator.None);// Create IAuthorizationPolicies from SecurityTokenvar i = a.ValidateToken(t);// Create AuthorizationContext from IAuthorizationPoliciesvar c = AuthorizationContext.CreateDefaultAuthorizationContext(i);ShowClaims(c.ClaimSets);For X509SecurityTokens use a X509SecurityTokenProvider/Authenticator. For WindowsSecurityTokens there's a WindowsSecurityTokenAuthenticator but not a provider; instead, use the WindowsSecurityToken constructor:var t = new WindowsSecurityToken(WindowsIdentity.GetCurrent());This works quite well. The only thing I omitted so far above is the token serialization. There is a SecurityTokenSerializer class which has one implementation in the .NET framework: the WSSecurityTokenSerializer class which comes with WCF.Serializing UserNameSecurityTokens and X509SecurityTokens works like a charm (haven't tried deserialization), but WindowsSecurityTokens are apparently not supported by the serializer. This leaves me with the two authentication methods that I already have (certificates and username/password) and, as I didn't want that AuthorizationContext anyway, I'll stick with what I have :) 这篇关于如何在自己的客户端 - 服务器应用程序中使用 System.IdentityModel的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云!
07-24 06:45