本文介绍了在ASP.NET c#中向现有WebService添加Kerberos身份验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

存在连接到代理服务器的现有WebService,我需要向其中添加Kerberos身份验证策略。

我知道有关于Kerberos身份验证的现有主题,但有人能分享一些关于如何在WebService上添加Kerberos身份验证的代码片段吗?

几乎所有的Kerberos主题都只讨论Kerberos身份验证的工作原理。提前谢谢。

推荐答案

首先启用WSE3,然后启用策略。在web.config文件中执行此操作

<configSections>
  <section name="microsoft.web.services3" 

    type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration,
         Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, 
         PublicKeyToken=31bf3856ad364e35" />
</configSections>

<system.web>

  <compilation debug="true">
    <assemblies>
      <add assembly="Microsoft.Web.Services3, Version=3.0.0.0,
Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    </assemblies>
  </compilation>

  <webServices>
    <soapExtensionImporterTypes>
      <add type="Microsoft.Web.Services3.Description.WseExtensionImporter,
                    Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, 
                    PublicKeyToken=31bf3856ad364e35" />
    </soapExtensionImporterTypes>
    <soapServerProtocolFactory 

      type="Microsoft.Web.Services3.WseProtocolFactory,Microsoft.Web.Services3,
            Version=3.0.0.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </webServices>
</system.web>

<microsoft.web.services3>
  <policy fileName="wse3policyCache.config" />
  <tokenIssuer>
    <statefulSecurityContextToken enabled="false" />
  </tokenIssuer>
</microsoft.web.services3>

添加策略文件并配置策略:将配置文件添加到项目‘FileName.config’中,然后向其添加以下标记:

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  <policy name="KerberosService">
    <authorization>
      <allow user="MawhibaAkram" />
      <deny role="*" />
    </authorization>
    <kerberosSecurity establishSecurityContext="true"

    renewExpiredSecurityContext="true" requireSignatureConfirmation="false"

    messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"

    requireDerivedKeys="true" ttlInSeconds="300">
      <protection>
        <request 

           signatureOptions="IncludeAddressing, IncludeTimestamp, 
                             IncludeSoapBody" 

           encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, 
                                    IncludeSoapBody" 

                  encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, 
                                 IncludeSoapBody" 

               encryptBody="false" />
      </protection>
    </kerberosSecurity>
    <requireActionHeader />
  </policy>
</policies>
  1. 在Web服务上应用策略:在服务类之前添加以下代码:

    [Policy("KerberosService")]

这归功于Akruooz。

https://www.codeproject.com/Articles/27554/Authentication-in-web-services-using-C-and-Kerbero

有关详细信息,请查看该链接。

这篇关于在ASP.NET c#中向现有WebService添加Kerberos身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

11-02 05:56