如何在WCF客户端配置文件中指定Windows凭据

时间:2022-08-23 15:25:38

I have a WCF service using BasicHttpBinding with Windows authentication. Most clients are domain accounts and connect to the service using their default credentials.

我有一个使用BasicHttpBinding和Windows身份验证的WCF服务。大多数客户端都是域帐户,并使用其默认凭据连接到服务。

Now I want to connect to the service from an ASP.NET client that is running under a local account. I want to connect to the WCF service using windows credentials (domain\user and password) that are available to the ASP.NET application.

现在,我想从在本地帐户下运行的ASP.NET客户端连接到该服务。我想使用ASP.NET应用程序可用的Windows凭据(域\用户和密码)连接到WCF服务。

I know I can do this in code using ClientBase<T>.ClientCredentials.

我知道我可以使用ClientBase .ClientCredentials在代码中执行此操作。

Is there a way to specify the credentials (domain\user and password) in the client's web.config file so I don't have to change the code?

有没有办法在客户端的web.config文件中指定凭据(域\用户和密码),所以我不必更改代码?

EDIT

If it can't be done in the configuration file, is there a way of using System.Net.ICredentials or System.Net.NetworkCredential as a credential for a WCF service?

如果无法在配置文件中完成,是否有办法使用System.Net.ICredentials或System.Net.NetworkCredential作为WCF服务的凭据?

The .NET Framework provides these as a homogenous way to provide network credentials, but with WCF this seems to have been thrown out in favour of a new incompatible system based on the unrelated System.ServiceModel.Description.ClientCredentials class.

.NET Framework提供了这些作为提供网络凭据的同类方式,但是对于WCF,这似乎已经被抛弃,转而支持基于不相关的System.ServiceModel.Description.ClientCredentials类的新的不兼容系统。

EDIT 2

Accepting Marc's answer to the original question - it seems there is no way to do this in the client configuration file :(

接受Marc对原始问题的回答 - 似乎在客户端配置文件中没有办法做到这一点:(

I would see this as a deficiency in WCF - I don't accept that Microsoft should be deliberately discouraging us from putting credentials in the configuration file - after all they have to be stored somewhere, and the Framework includes facilities for encrypting the config file. I guess I could create a custom BehaviorExtensionElement for this, but it ought to be available out of the box.

我认为这是WCF的一个缺陷 - 我不接受微软应该故意阻止我们在配置文件中放置凭据 - 毕竟它们必须存储在某个地方,而Framework包含加密配置文件的工具。我想我可以为此创建一个自定义的BehaviorExtensionElement,但它应该是开箱即用的。

It's also a bit inconsistent: the system.net/mailSettings/smtp/network configuration element allows credentials to be specified, so why not WCF?

它也有点不一致:system.net/mailSettings/smtp/network配置元素允许指定凭据,为什么不WCF?

Regarding the second question about using System.Net.NetworkCredential, it seems from this blog that it is possible, at least when using Windows authentication, with the following code:

关于使用System.Net.NetworkCredential的第二个问题,从这篇博客看来,至少在使用Windows身份验证时,可以使用以下代码:

factory.Credentials.Windows.ClientCredential =
   new System.Net.NetworkCredential(name, password, domain);

6 个解决方案

#1


You can't specify your credentials in the config file, unfortunately - you have to do this in code (most likely because otherwise you might end up with credentials in your config file, in plain text - not a good thing....).

不幸的是,您不能在配置文件中指定您的凭据 - 您必须在代码中执行此操作(最可能的原因是,您可能最终在配置文件中使用凭据,纯文本 - 这不是一件好事....) 。

#2


Svc.ClientCredentials.UserName.UserName = AppSettings["WCFSvcUsername"];
Svc.ClientCredentials.UserName.Password = AppSettings["WCFSvcPassword"];

is incorrect. It is used with message security and clientCredentialType="UserName". You should use

是不正确的。它与消息安全性和clientCredentialType =“UserName”一起使用。你应该用

Svc.ClientCredentials.Windows.ClientCredential = new NetworkCredential(...);

#3


It seems there is no way to set id and password in the default binding configuration (I'm still looking), I did it adding the code bellow, but still wish microsoft would add it to the default bindings

似乎没有办法在默认的绑定配置中设置id和密码(我还在寻找),我做了它添加下面的代码,但仍希望microsoft将它添加到默认绑定

    <appSettings>
     <add key="user"  value="user" />
     <add key="password"  value="password" />
     <add key="domain"  value="domain" />
   </appSettings>


   // client side code
   string userName =  ConfigurationManager.AppSettings.Get("user");
   string pswd = ConfigurationManager.AppSettings.Get("password");
   string domain = ConfigurationManager.AppSettings.Get("domain");

   client.ClientCredentials.Windows.ClientCredential.Domain = domain; 
   client.ClientCredentials.Windows.ClientCredential.UserName = userName;
   client.ClientCredentials.Windows.ClientCredential.Password = pswd;

Sebastian Castaldi

#4


I understand that there isn't a mechanism to specify the credentials within the <binding> tags, but why not do this:

我知道没有一种机制来指定 标记内的凭据,但为什么不这样做:

 Svc.ClientCredentials.UserName.UserName = AppSettings["WCFSvcUsername"];
 Svc.ClientCredentials.UserName.Password = AppSettings["WCFSvcPassword"];

#5


Svc.ClientCredentials.Windows.ClientCredential = 
    System.Net.CredentialCache.DefaultNetworkCredentials;

#6


Have you tried this?

你试过这个吗?

<system.web>
      <identity impersonate="true" userName="username" password="password"/>
</system.web>

#1


You can't specify your credentials in the config file, unfortunately - you have to do this in code (most likely because otherwise you might end up with credentials in your config file, in plain text - not a good thing....).

不幸的是,您不能在配置文件中指定您的凭据 - 您必须在代码中执行此操作(最可能的原因是,您可能最终在配置文件中使用凭据,纯文本 - 这不是一件好事....) 。

#2


Svc.ClientCredentials.UserName.UserName = AppSettings["WCFSvcUsername"];
Svc.ClientCredentials.UserName.Password = AppSettings["WCFSvcPassword"];

is incorrect. It is used with message security and clientCredentialType="UserName". You should use

是不正确的。它与消息安全性和clientCredentialType =“UserName”一起使用。你应该用

Svc.ClientCredentials.Windows.ClientCredential = new NetworkCredential(...);

#3


It seems there is no way to set id and password in the default binding configuration (I'm still looking), I did it adding the code bellow, but still wish microsoft would add it to the default bindings

似乎没有办法在默认的绑定配置中设置id和密码(我还在寻找),我做了它添加下面的代码,但仍希望microsoft将它添加到默认绑定

    <appSettings>
     <add key="user"  value="user" />
     <add key="password"  value="password" />
     <add key="domain"  value="domain" />
   </appSettings>


   // client side code
   string userName =  ConfigurationManager.AppSettings.Get("user");
   string pswd = ConfigurationManager.AppSettings.Get("password");
   string domain = ConfigurationManager.AppSettings.Get("domain");

   client.ClientCredentials.Windows.ClientCredential.Domain = domain; 
   client.ClientCredentials.Windows.ClientCredential.UserName = userName;
   client.ClientCredentials.Windows.ClientCredential.Password = pswd;

Sebastian Castaldi

#4


I understand that there isn't a mechanism to specify the credentials within the <binding> tags, but why not do this:

我知道没有一种机制来指定 标记内的凭据,但为什么不这样做:

 Svc.ClientCredentials.UserName.UserName = AppSettings["WCFSvcUsername"];
 Svc.ClientCredentials.UserName.Password = AppSettings["WCFSvcPassword"];

#5


Svc.ClientCredentials.Windows.ClientCredential = 
    System.Net.CredentialCache.DefaultNetworkCredentials;

#6


Have you tried this?

你试过这个吗?

<system.web>
      <identity impersonate="true" userName="username" password="password"/>
</system.web>