问题描述
我正在尝试弄清为什么基于属性的安全性无法像我在WCF中期望的那样工作,我怀疑这可能与以下方面有关:
I am trying to work out why attribute based security isn't working as I'd expect in WCF and I suspect it might have something to do with the following:
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
var identity = new WindowsIdentity("ksarfo");
var principal = new WindowsPrincipal(identity);
Console.WriteLine("\nChecking whether current user [" + identity.Name + "] is member of [" + groupName + "]");
Console.WriteLine(principal.IsInRole(groupName)); // returns true
principal = (WindowsPrincipal)Thread.CurrentPrincipal;
identity = (WindowsIdentity) principal.Identity;
Console.WriteLine("\nChecking whether current user [" + identity.Name + "] is member of [" + groupName + "]");
Console.WriteLine(principal.IsInRole(groupName)); // returns false
我不明白为什么函数调用的结果不同:
I don't understand why the results differ for the function call:
principal.IsInRole(groupName)
为了完整起见,代码实际上失败的地方是:
For the sake of completeness the point at which the code actually fails is here:
PrincipalPermission(SecurityAction.Demand, Role = "PortfolioManager")]
帮助表示赞赏。
推荐答案
也许是因为这不是相同的类。
Maybe it's because this is not the same classes.
看看MSDN:
-
-
- Thread.CurrentPrincipal
- IPrincipal
- IsInRole
- IsInRole
因此,如果有不同的类,也许会有不同的实现。
So, if there are differents classes, maybe there are differents implementations.
编辑:
我尝试过此代码:
public class InGroup { public string Name { get; set; } public bool Current { get; set; } public bool Fixe { get; set; } public bool Thread { get; set; } } WindowsIdentity current = System.Security.Principal.WindowsIdentity.GetCurrent(); WindowsPrincipal principalcurrent = new WindowsPrincipal(current); WindowsIdentity fixe = new WindowsIdentity("JW2031"); WindowsPrincipal principalFixe = new WindowsPrincipal(fixe); IPrincipal principalThread = System.Threading.Thread.CurrentPrincipal; List<InGroup> ingroups = new List<InGroup>(); foreach (IdentityReference item in current.Groups) { IdentityReference reference = item.Translate(typeof(NTAccount)); Console.WriteLine("{0}\t{1}\t{2}\t{3}", reference.Value, principalcurrent.IsInRole(reference.Value), principalFixe.IsInRole(reference.Value), principalThread.IsInRole(reference.Value)); ingroups.Add(new InGroup() { Name = reference.Value, Current = principalcurrent.IsInRole(reference.Value), Fixe = principalFixe.IsInRole(reference.Value), Thread = principalThread.IsInRole(reference.Value) }); } foreach (IdentityReference item in fixe.Groups) { IdentityReference reference = item.Translate(typeof(NTAccount)); if (ingroups.FindIndex(g => g.Name == reference.Value) == -1) { ingroups.Add(new InGroup() { Name = reference.Value, Current = principalcurrent.IsInRole(reference.Value), Fixe = principalFixe.IsInRole(reference.Value), Thread = principalThread.IsInRole(reference.Value) }); Console.WriteLine("{0}\t{1}\t{2}\t{3}", reference.Value, principalcurrent.IsInRole(reference.Value), principalFixe.IsInRole(reference.Value), principalThread.IsInRole(reference.Value)); } }这是
如您所见,我没有具有相同的组,但方式不同。
因此(因为我是本地计算机的管理员),我认为WindowsIdentity.GetCurrent将从AD获取用户,WindowsPrincipal(WindowsIdentity())将从本地计算机获取用户。As you can see, I did not have the same groups with differents ways.So (because I'm administrator of my local machine) I think that WindowsIdentity.GetCurrent will get the user from AD and WindowsPrincipal(WindowsIdentity("")) will get the user from local machine.
在我的Web应用程序中,我获得了最低的授权(我认为)。
但是,我对consoleapp没有任何解释...In my webapp, I have got the lowest authorisation possible (I think).But, I have no explanations for the consoleapp...
这只是假设,但这是连贯的。
It's only suppositions, but this is coherent.
这篇关于从WindowsIdentity和Thread.CurrentPrincipal检索WindowsPrincipal有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!
- IPrincipal
-