wcf wsHttpBinding and disabling anonymous access

后端未结

关注

 2  500

-上瘾入骨i

http://blogs.msdn.com/drnick/archive/2007/03/23/preventing-anonymous-access.aspx

Can someone clarify whether it is possible to use wsHttpBinding in WCF and disable anon

相关标签:

2条回答

难免孤独

2021-02-06 13:15

we want to use windows integrated security. If you disable anonymous access in IIS and allow just windows, you cannot seem to use wsHttpBinding with WCF without using some security mode (e.g. transprot security which requires ssl).

We only want to use windows authentication we don't necessarily want to use ssl for transport security.

I was a little amazed this wasn't possible out of the box (as seemed to be confirmed by my link) as it would seem quite a common scenario for intern applications.

We don't want to downgrade to basicHttpBinding which would support windows authentication only.

0 讨论(0)
发布评论:

提交评论
- 加载中...

闹比i

2021-02-06 13:30

you are right, afaik in the scenario you describe wsHttpBinding requires us to use the internal WCF security stack. So what you would typically do is

leave anonymous access enabled
create a serviceBehavior with <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
annotate every concrete implementation of a service method using the PrincipalPermissionAttribute, which is a quite powerful tool with many different options to control access

Would that be an acceptable solution for you or are there any other things to consider?

Basic Example:

public class TestService : ITestService
{
  [PrincipalPermission(SecurityAction.Demand, Name = "testdomain\\administrator")]
  public string DoWork()
  {   
    return "Hello World " + Thread.CurrentPrincipal.Identity.Name;
  }
}

  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WcfSecurity.Www.TestServiceBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service behaviorConfiguration="WcfSecurity.Www.TestServiceBehavior" name="WcfSecurity.Www.TestService">
        <endpoint address="" binding="wsHttpBinding" contract="WcfSecurity.Www.ITestService" />
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>    
  </system.serviceModel>

0 讨论(0)