We currently have a setup like this:
lan\john lan\application1 lan\appService1 lan\appService2
client ------> website ----------> WCF Service1 ------> WCF Service2
So each website/service runs as a different identity account that is set up in Active Directory. Security checks are based on the identity of the immediate caller (i.e. WCF Service2 would verify that its caller lan\appService1 has the rights to perform that task).
For logging purposes though we need to know who the original caller was (in this example lan\john) so that we can record they did an action. I would like a way to do this in a more secure fashion than is currently being done (passing the string of "lan\john" as a message header with each call). Any ideas?
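One way to harden the "lan\john" header the question describes, as an added example that is not part of the original question or answer: instead of a bare string, the calling hop attaches an HMAC-signed assertion that names the original caller, the issuing hop, the intended receiving hop and an expiry. The receiving service checks the MAC, checks that the issuer named in the assertion is the Windows identity that actually made the call (the same immediate-caller identity it already authorizes on), checks that it is the intended audience, and only then trusts the original-caller value for its log. The shared key, the service names and the `Main` walkthrough are assumptions for illustration; in a real WCF service the immediate caller would come from `ServiceSecurityContext.Current.WindowsIdentity.Name` and the header from the incoming `MessageHeaders`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the original post.
// Assumption: appService1 and appService2 share a per-hop secret (e.g. stored in
// each service's protected configuration). Authorization still happens on the
// immediate Windows identity exactly as the question describes; the assertion is
// only used to recover the original caller for logging.
public static class CallerAssertion
{
    // Header layout: originalCaller|issuer|audience|unixExpiry|base64(HMAC-SHA256)
    public static string Create(string originalCaller, string issuer, string audience,
                                DateTimeOffset expires, byte[] key)
    {
        foreach (string field in new[] { originalCaller, issuer, audience })
            if (field.IndexOf('|') >= 0)
                throw new ArgumentException("field may not contain the separator");
        string payload = Payload(originalCaller, issuer, audience, expires.ToUnixTimeSeconds());
        return payload + "|" + Convert.ToBase64String(Mac(payload, key));
    }

    // Returns true and the original caller only if the assertion is authentic,
    // unexpired, issued by the identity that made this call, and addressed to us.
    public static bool TryVerify(string header, string immediateCaller, string self,
                                 DateTimeOffset now, byte[] key, out string originalCaller)
    {
        originalCaller = null;
        if (header == null) return false;
        string[] parts = header.Split('|');
        if (parts.Length != 5) return false;
        long expiry;
        if (!long.TryParse(parts[3], out expiry)) return false;

        byte[] expected = Mac(Payload(parts[0], parts[1], parts[2], expiry), key);
        byte[] actual;
        try { actual = Convert.FromBase64String(parts[4]); }
        catch (FormatException) { return false; }
        if (!FixedTimeEquals(expected, actual)) return false;          // tampered or wrong key

        // The issuer must be the hop that actually authenticated to us (Windows auth),
        // so a caller cannot pass off someone else's assertion as its own.
        if (!string.Equals(parts[1], immediateCaller, StringComparison.OrdinalIgnoreCase)) return false;
        if (!string.Equals(parts[2], self, StringComparison.OrdinalIgnoreCase)) return false; // not for another service
        if (now.ToUnixTimeSeconds() > expiry) return false;              // stale / replayed

        originalCaller = parts[0];
        return true;
    }

    private static string Payload(string caller, string issuer, string audience, long expiry)
    {
        return string.Join("|", caller, issuer, audience, expiry.ToString());
    }

    private static byte[] Mac(string payload, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Length-independent comparison so a forged MAC cannot be guessed byte by byte.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class Demo
{
    public static void Main()
    {
        byte[] hopKey = new byte[32];                     // constructed for the demo
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(hopKey);
        DateTimeOffset now = DateTimeOffset.UtcNow;

        // Service1 (lan\appService1) forwards John's identity to Service2.
        string header = CallerAssertion.Create(@"lan\john", @"lan\appService1",
                                               @"lan\appService2", now.AddSeconds(30), hopKey);

        // Service2: immediateCaller would be ServiceSecurityContext.Current.WindowsIdentity.Name.
        string who;
        bool ok = CallerAssertion.TryVerify(header, @"lan\appService1", @"lan\appService2",
                                            now, hopKey, out who);
        Console.WriteLine(ok ? "log action for " + who : "reject");

        // A caller that rewrites the original user without the key is rejected.
        string forged = header.Replace(@"lan\john", @"lan\admin");
        Console.WriteLine(CallerAssertion.TryVerify(forged, @"lan\appService1",
                          @"lan\appService2", now, hopKey, out who) ? "log" : "reject forged");
    }
}
```

In a longer chain each hop verifies the incoming assertion and re-issues one for the next hop under its own key, so the website that actually authenticated lan\john is the root issuer and no hop can widen what it received. Because the HMAC key is shared per hop, the receiving side could forge assertions too; if that matters for audit, sign with a key only the issuer holds (e.g. RSA or ECDSA) and have the receiver verify with the public key.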
1 solution
#1
1
If it's just a matter of checking the security of the WCF service caller, you can check out the mechanism suggested by MSDN here.
For the entire application, if you want to enable identity impersonation at these stages, you can explore the design pattern explained on MSDN.