1. 首页
  2. 问答
  3. 将PrincipalPermissionAttribute与自定义角色提供者配合使用

将PrincipalPermissionAttribute与自定义角色提供者配合使用

2011-06-19 105 views
1

我正在为我的组织开发新的安全基础设施。由于我们为内部组织使用开发系统,因此我想使用Windows身份验证,但对于授权,我们管理单独的Oracle DB(出于历史原因)。我的想法是使用PrincipalPermissionAttribute定义将PrincipalPermissionAttribute与自定义角色提供者配合使用

AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
全球

::的Application_Start 和

<system.web> 
    <compilation debug="true" targetFramework="4.0" /> 
    <authorization> 
     <deny users="?"/> 
    </authorization> 
    <roleManager **defaultProvider="MyRoleProvider"** 
     enabled="true" 
     cacheRolesInCookie="true" 
     cookieName=".ASPROLES" 
     cookieTimeout="30" 
     cookiePath="/" 
     cookieRequireSSL="false" 
     cookieSlidingExpiration="true" 
     cookieProtection="All" > 
     <providers> 
     <clear /> 
     <add 
      name="MyRoleProvider" 
      type="WcfServiceLibrary1.MyRoleProvider" 
      connectionStringName="Service1" 
      applicationName="InfraTest" 
      writeExceptionsToEventLog="true" /> 
     </providers> 
    </roleManager> 
    </system.web> 
    <system.serviceModel> 
    <bindings> 
     <basicHttpBinding> 
     <binding name="BasicHttpEndpointBinding"> 
      <security mode="TransportCredentialOnly"> 
      <transport **clientCredentialType="Windows"** /> 
      </security> 
     </binding> 
     </basicHttpBinding> 
    </bindings> 
    <services> 
     <service name="WcfService1.Service1"> 
     <endpoint address="WcfAuthenticationTest" binding="basicHttpBinding" 
      bindingConfiguration="BasicHttpEndpointBinding" name="BasicHttpEndpoint" 
      contract="WcfService1.IService1"> 
      <identity> 
      <dns value="localhost"/> 
      </identity> 
     </endpoint> 
     <host> 
      <baseAddresses> 
      <add baseAddress="http://localhost/WcfAuthentication"/> 
      </baseAddresses> 
     </host> 
     </service> 
    </services> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior> 
      <serviceAuthorization **principalPermissionMode="UseAspNetRoles"**/> 
      <serviceMetadata httpGetEnabled="true"/> 
      <serviceDebug includeExceptionDetailInFaults="true"/> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true"/> 
    </system.serviceModel> 
    <system.webServer> 
    <modules runAllManagedModulesForAllRequests="true"/> 
    </system.webServer>
在我的web.config

使用我自定义角色提供应该访问Oracle数据库检查的作用。但我无法让它工作。有没有办法使PrincipalPermissionAttribute以这种方式工作或可能是整个概念是错误的?我想实现我的自定义CodeAccessSecurityAttribute,但它并不那么简单,所以我宁愿不要这样做 有没有人有任何想法的问题?我会很高兴得到一些答案

来源

2011-06-19 Daniel Kabzon

回答

1

我最近学到了两件事。首先,我所有的概念都是正确的,我可以使用PrinciplePermissionAttribute和Costom角色提供者,第二个是我完全与web.config标签混淆。标记用于asp.net设置,而用于WCF设置。所以一个位配置解决了整个问题。这是正确的配置

<?xml version="1.0"?> 
<configuration> 

    <system.web> 
    <compilation debug="true" defaultLanguage="c#" targetFramework="4.0" /> 

    <roleManager enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" 
     defaultProvider="MyRoleProvider"> 
     <providers> 
     <clear /> 
     <add connectionStringName="Service1" applicationName="InfraTest" 
      writeExceptionsToEventLog="false" name="MyRoleProvider" type="SecLib.MyRoleProvider" /> 
     </providers> 
    </roleManager> 

    </system.web> 
    <system.serviceModel> 
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> 
    <bindings> 
     <basicHttpBinding> 
     <binding name="BasicHttpBindingConfiguration" closeTimeout="00:01:00" 
      sendTimeout="00:10:00" maxBufferSize="524288" maxReceivedMessageSize="524288"> 
      <security mode="TransportCredentialOnly"> 
      <transport clientCredentialType="Windows" /> 
      </security> 
     </binding> 
     </basicHttpBinding> 
    </bindings> 
    <services> 
     <service name="WcfRoleProviderTestService.Service1" 
       behaviorConfiguration="BasicHttpServiceBehavior" > 
     <endpoint name="BasicHttpEndpoint" 
        contract="WcfRoleProviderTestService.IService1" 
        address="WcfAuthenticationTest" 
        binding="basicHttpBinding" 
        bindingConfiguration="BasicHttpBindingConfiguration" /> 
     <host> 
      <baseAddresses> 
      <add baseAddress="http://localhost/WcfRoleProviderTestService/" /> 
      </baseAddresses> 
     </host> 
     </service> 
    </services> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior name="BasicHttpServiceBehavior"> 
      <serviceAuthorization principalPermissionMode="UseAspNetRoles" 
      roleProviderName="MyRoleProvider" impersonateCallerForAllOperations="true" /> 
      <serviceMetadata httpGetEnabled="true" /> 
      <serviceDebug includeExceptionDetailInFaults="true" /> 
     </behavior> 
     <behavior name=""> 
      <serviceMetadata httpGetEnabled="true" /> 
      <serviceDebug includeExceptionDetailInFaults="true" /> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    </system.serviceModel> 
<system.webServer> 
    <modules runAllManagedModulesForAllRequests="true"/> 
    </system.webServer> 
</configuration>

来源

2011-07-04 07:58:09

1

你不必包括impersonateCallerForAllOperations="true"除非你需要模拟

来源

2011-08-04 16:51:16 Bharathan

+1

的问题是,我需要做的模拟,以检查客户端许可 –

相关问题

 相关问题