I am writing a WCF Service which would allow access to operations based on AD user group. If the logged in user is part of groupA, allow him to do operationA, but not operationB and so on and so forth. Now for this I have to pass NetworkCredentials to the service like
我正在编写一个WCF服务,允许访问基于AD用户组的操作。如果登录用户是groupA的一部分,则允许他执行operationA,但不允许他执行operationB等等。现在我必须将NetworkCredentials传递给像这样的服务
factory.Credentials.Windows.AllowedImpersonationLevel =
TokenImpersonationLevel.Identification;
factory.Credentials.Windows.AllowNtlm = true;
factory.Credentials.Windows.ClientCredential.username = "username";
factory.Credentials.Windows.ClientCredential.password = "pwd";
factory.Credentials.Windows.ClientCredential.domain = "mycompany.com";
I want that the user need not enter his credentials for calling service operation. It should take from Thread.CurrentPrincipal. Can anyone help me out in this regards as to how to pass network credentials.
我希望用户不需要输入他的凭据来调用服务操作。它应该来自Thread.CurrentPrincipal。任何人都可以帮助我在这方面如何传递网络凭据。
1 个解决方案
#1
Why don't you just specify the security mode to be "Windows integrated" security on your binding? This is the default on net.Tcp and wsHttp bindings - the Windows credentials of the currently logged in user will be sent across the wire to the server.
为什么不直接将安全模式指定为绑定的“Windows集成”安全性?这是net.Tcp和wsHttp绑定的默认设置 - 当前登录用户的Windows凭据将通过网络发送到服务器。
No need to explicitly set those credentials again, really.
真的,无需再次明确设置这些凭据。
#1
Why don't you just specify the security mode to be "Windows integrated" security on your binding? This is the default on net.Tcp and wsHttp bindings - the Windows credentials of the currently logged in user will be sent across the wire to the server.
为什么不直接将安全模式指定为绑定的“Windows集成”安全性?这是net.Tcp和wsHttp绑定的默认设置 - 当前登录用户的Windows凭据将通过网络发送到服务器。
No need to explicitly set those credentials again, really.
真的,无需再次明确设置这些凭据。