C# 请求主体权限失败-可能是由于windows组?
我搜索了这个错误,没有找到正确的答案。。2个月前,我在做MVC->WCF通信。它成功了,然后我注释掉PrincipalPermission属性,使其在本地主机(VS IIS Express)上工作 重新启用后,我收到错误“请求主体权限失败”。我想我的组是错误的 西铁方面:C# 请求主体权限失败-可能是由于windows组?,c#,asp.net,asp.net-mvc,wcf,principalpermission,C#,Asp.net,Asp.net Mvc,Wcf,Principalpermission,我搜索了这个错误,没有找到正确的答案。。2个月前,我在做MVC->WCF通信。它成功了,然后我注释掉PrincipalPermission属性,使其在本地主机(VS IIS Express)上工作 重新启用后,我收到错误“请求主体权限失败”。我想我的组是错误的 西铁方面: [ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)] [
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
[PrincipalPermission(SecurityAction.Demand, Role = "Test_Group")]
public class TestService : ITestService
{
public int Test()
{
return 0;
}
}
客户端:
public async Task<ActionResult> Test()
{
Services.TestClientService testClient = new Services.TestClientService();
testClient.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
testClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
try
{
int response = await testClient.TestAsync();
}
catch(Exception ex)
{
System.Diagnostics.Debug.WriteLine(ex.Message);
}
return View();
}
公共异步任务测试()
{
Services.TestClientService testClient=new Services.TestClientService();
testClient.ClientCredentials.Windows.ClientCredential=System.Net.CredentialCache.DefaultNetworkCredentials;
testClient.ClientCredentials.Windows.AllowedImpersonationLevel=TokenImpersonationLevel.Impersonation;
尝试
{
int response=wait testClient.TestAsync();
}
捕获(例外情况除外)
{
系统.诊断.调试.写入线(例如消息);
}
返回视图();
}
WCF web配置:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="authBehavior">
<!-- serviceAuthorizationManagerType="MyProject.Common.RoleAuthorizationManager, MyProject" -->
<serviceAuthorization principalPermissionMode="UseWindowsGroups">
<authorizationPolicies>
<add policyType="MyProject.Common.AuthorizationPolicy, MyProject" />
</authorizationPolicies>
</serviceAuthorization>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyProject.Common.IdentityValidator, MyProject" />
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" x509FindType="FindBySubjectName" storeName="My" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="svcBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="MyProject.TestService" behaviorConfiguration="authBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="MyProject.ITestService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<!-- <protocolMapping>
<add binding="wsDualHttpBinding" scheme="https" />
</protocolMapping>-->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
客户端网络配置:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior>
<customInspector />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding" />
</basicHttpBinding>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<extensions>
<behaviorExtensions>
<add name="customInspector" type="MyMVC.Services.WCF.Behavior, MyMVC" />
</behaviorExtensions>
</extensions>
<client>
<endpoint address="http://localhost:9999/TestService.svc"
binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
contract="MyMVC.Services.ITestService" name="wsHttpEndpointBinding_ITestService" />
</client>
我无法访问WCF AuthorizationPolicy.cs以检查Thread.CurrentPrincipal是否已设置
知道如何调试出了什么问题吗?我认为这是windows中测试组的问题。WCF和MVC在IIS中运行。MVC在IIS APPPOOL\MVC下运行,IIS APPPOOL\MVC是测试组的成员
谢谢您的帮助。测试组是本地组还是Active Directory中的组?如果是后者,则应在域名前加上前缀,后跟反斜杠。So“域\测试组” 如果没有,请尝试删除最后一个属性,并将以下内容放在函数的开头
PrincipalPermission pp = new PrincipalPermission(null, @"Test_Group");
pp.Demand();
将PrincipalPermission属性从类级别移动到方法级别
文章:(上一篇文章提到它不能在WCF的类级别上使用:/)测试组是本地组。只有真正使用AD的权限组。您为IIS应用程序启用了什么身份验证?您的代码有效。不知道为什么MVC:Anonymous only的权限,WCF:Basic+AnonymousOoh ASP.NET模拟应在WCF上启用,对吗?编辑:已启用,仍不工作:/I我认为模拟不是您的问题。能否在WCF应用程序上启用Windows身份验证?您还可以为MVC禁用匿名和启用Windows身份验证吗?如果你说PP代码正在工作,那就很奇怪了。