上在类级别上使用。
我搜索了此错误,找不到正确的答案。2个月前,我正在做MVC-> WCF通信。它有效,然后我评论了principalpermission属性,以使其在localhost上工作(vs iis express)。
重新启用后,我收到错误"要求本金许可的请求失败"。我想我的小组错了。
WCF侧:
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
[PrincipalPermission(SecurityAction.Demand, Role = "Test_Group")]
public class TestService : ITestService
{
public int Test()
{
return 0;
}
}
客户端:
public async Task<ActionResult> Test()
{
Services.TestClientService testClient = new Services.TestClientService();
testClient.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
testClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
try
{
int response = await testClient.TestAsync();
}
catch(Exception ex)
{
System.Diagnostics.Debug.WriteLine(ex.Message);
}
return View();
}
WCF Web配置:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="authBehavior">
<!-- serviceAuthorizationManagerType="MyProject.Common.RoleAuthorizationManager, MyProject" -->
<serviceAuthorization principalPermissionMode="UseWindowsGroups">
<authorizationPolicies>
<add policyType="MyProject.Common.AuthorizationPolicy, MyProject" />
</authorizationPolicies>
</serviceAuthorization>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyProject.Common.IdentityValidator, MyProject" />
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" x509FindType="FindBySubjectName" storeName="My" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="svcBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="MyProject.TestService" behaviorConfiguration="authBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="MyProject.ITestService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<!-- <protocolMapping>
<add binding="wsDualHttpBinding" scheme="https" />
</protocolMapping>-->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
客户端webconfig:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior>
<customInspector />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding" />
</basicHttpBinding>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<extensions>
<behaviorExtensions>
<add name="customInspector" type="MyMVC.Services.WCF.Behavior, MyMVC" />
</behaviorExtensions>
</extensions>
<client>
<endpoint address="http://localhost:9999/TestService.svc"
binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
contract="MyMVC.Services.ITestService" name="wsHttpEndpointBinding_ITestService" />
</client>
我无法联系WCF授权policy.cs以检查是否设置了thread.currentprincipal。
有什么想法如何调试怎么了?我认为这是Windows中test_group的问题。WCF和MVC在IIS中运行。MVC在IIS AppPool MVC下运行,该 MVC是test_group的成员。
感谢您的帮助。
将principalpermission属性从类级别移动到方法级别。
文章:https://social.msdn.microsoft.com/forums/vstudio/en-us/41c5a8c6-8c6-8d17-41c7-9714-4714-472966666666ba75d/principalpersigh?论坛= WCF(上一篇文章提到它不能在wcf:/)
test_group是本地组还是Active Directory中的一个组?如果后者应以您的域名前缀,则应进行后斜线。因此,"域 test_group"
如果不尝试删除最后一个属性并将以下属性放在功能开始时。
PrincipalPermission pp = new PrincipalPermission(null, @"Test_Group");
pp.Demand();