现有一个连接到代理服务器的Web服务,我需要在其中添加Kerberos身份验证策略。
我知道关于Kerberos身份验证的现有主题,但是任何人都可以共享一些有关如何在WebService上添加Kerberos身份验证的代码段吗?
首先启用WSE 3,并启用该策略。在web.config文件
中执行此操作<configSections>
<section name="microsoft.web.services3"
type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration,Microsoft.Web.Services3,Version=3.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35" />
</configSections>
<system.web>
<compilation debug="true">
<assemblies>
<add assembly="Microsoft.Web.Services3,PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<webServices>
<soapExtensionImporterTypes>
<add type="Microsoft.Web.Services3.Description.WseExtensionImporter,PublicKeyToken=31bf3856ad364e35" />
</soapExtensionImporterTypes>
<soapServerProtocolFactory
type="Microsoft.Web.Services3.WseProtocolFactory,PublicKeyToken=31bf3856ad364e35" />
</webServices>
</system.web>
<microsoft.web.services3>
<policy fileName="wse3policyCache.config" />
<tokenIssuer>
<statefulSecurityContextToken enabled="false" />
</tokenIssuer>
</microsoft.web.services3>
添加策略文件并配置策略:将配置文件添加到项目“ FileName.config”,然后在其中添加以下标记:
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<policy name="KerberosService">
<authorization>
<allow user="Mawhiba\Akram" />
<deny role="*" />
</authorization>
<kerberosSecurity establishSecurityContext="true"
renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
requireDerivedKeys="true" ttlInSeconds="300">
<protection>
<request
signatureOptions="IncludeAddressing,IncludeTimestamp,IncludeSoapBody"
encryptBody="true" />
<response signatureOptions="IncludeAddressing,IncludeSoapBody"
encryptBody="true" />
<fault signatureOptions="IncludeAddressing,IncludeSoapBody"
encryptBody="false" />
</protection>
</kerberosSecurity>
<requireActionHeader />
</policy>
</policies>
将策略应用于Web服务:通过在服务类之前添加以下代码:
[Policy(“ KerberosService”)]
此功劳归Akrumooz。
https://www.codeproject.com/Articles/27554/Authentication-in-web-services-using-C-and-Kerbero
查看链接以获取更多信息。