Fatal编程技术网
  • csharp/
  • C# 添加[PrincipalPermission(SecurityAction.Demand,Role=";ADMIN";)时,对象引用未设置为对象的实例

C# 添加[PrincipalPermission(SecurityAction.Demand,Role=";ADMIN";)时,对象引用未设置为对象的实例

c# wcf

C# 添加[PrincipalPermission(SecurityAction.Demand,Role=";ADMIN";)时,对象引用未设置为对象的实例,c#,wcf,wcf-security,C#,Wcf,Wcf Security,我有一个服务方法 [PrincipalPermission(SecurityAction.Demand, Role = "ADMIN")] public UserInfo GetUserInfo(string login, string password) { logger.Debug("Getting User Info"); return new UserInfo() {Balance = 100, UserName = "User1"}; } 当我添加

我有一个服务方法

  [PrincipalPermission(SecurityAction.Demand, Role = "ADMIN")]
  public UserInfo GetUserInfo(string login, string password)
  {
     logger.Debug("Getting User Info");
     return new UserInfo() {Balance = 100, UserName = "User1"};
  }
当我添加
[PrincipalPermission(SecurityAction.Demand,Role=“ADMIN”)]
时,我开始获得未设置为对象实例的
对象引用

项目中使用的代码:


public class AuthorizationPolicy: IAuthorizationPolicy
{

  Guid _id = Guid.NewGuid();
  private static Logger logger = LogManager.GetCurrentClassLogger();
  // this method gets called after the authentication stage
  public bool Evaluate(EvaluationContext evaluationContext, ref object state)
  {
     logger.Debug("Evaluate");
     // get the authenticated client identity
     IIdentity client = GetClientIdentity(evaluationContext);
     // set the custom principal
     evaluationContext.Properties["Principal"] = new CustomPrincipal(client);
     logger.Debug("Evaluate end");
     return true;
  }

  public ClaimSet Issuer { get; private set; }

  private IIdentity GetClientIdentity(EvaluationContext evaluationContext)
  {
     logger.Debug("GetClientIdentity");
     object obj;
     if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
        throw new Exception("No Identity found");
     IList<IIdentity> identities = obj as IList<IIdentity>;
     if (identities == null || identities.Count <= 0)
        throw new Exception("No Identity found");
     logger.Debug("GetClientIdentity end");
     return identities[0];
  }

  public string Id { get { return _id.ToString(); }
     private set { }
  }


更新

跟踪文件包含:


    2014-02-27 18:48:35.2164|DEBUG|Beleke.Security.AuthorizationPolicy|Evaluate
2014-02-27 18:48:35.2164|DEBUG|Beleke.Security.AuthorizationPolicy|GetClientIdentity
2014-02-27 18:48:35.2164|DEBUG|Beleke.Security.AuthorizationPolicy|GetClientIdentity end
2014-02-27 18:48:35.2164|DEBUG|Beleke.Security.AuthorizationPolicy|Evaluate end
2014-02-27 18:48:35.2164|DEBUG|Beleke.BelekeService|Changing balance
2014-02-27 18:48:35.2694|DEBUG|Beleke.Security.AuthorizationPolicy|Evaluate
2014-02-27 18:48:35.2694|DEBUG|Beleke.Security.AuthorizationPolicy|GetClientIdentity
2014-02-27 18:48:35.2694|DEBUG|Beleke.Security.AuthorizationPolicy|GetClientIdentity end
2014-02-27 18:48:35.2694|DEBUG|Beleke.Security.AuthorizationPolicy|Evaluate end


这是服务器端跟踪


at System.Security.Permissions.PrincipalPermission.Demand()
at System.Security.PermissionSet.DemandNonCAS()
at Beleke.BelekeService.GetUserInfo(String login, String password) in d:\beleke\branches\master\BelekeService\App_Code\BelekeService.cs:line 29
at SyncInvokeGetUserInfo(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)


根据我的评论:

我在PrincipalPermission.Demand()中查看了未编译的代码

唯一可能为空的是您的IPrincipal.Identity

看起来你在用“CustomPrincipal”。。。您确定它的Identity属性没有返回null吗

奖金

未编译代码:


public void Demand()
{
  new SecurityPermission(SecurityPermissionFlag.ControlPrincipal).Assert();
  IPrincipal currentPrincipal = Thread.CurrentPrincipal;
  if (currentPrincipal == null)
    this.ThrowSecurityException();
  if (this.m_array == null)
    return;
  int length = this.m_array.Length;
  bool flag = false;
  for (int index = 0; index < length; ++index)
  {
    if (this.m_array[index].m_authenticated)
    {
      IIdentity identity = currentPrincipal.Identity;
      if (identity.IsAuthenticated && (this.m_array[index].m_id == null || string.Compare(identity.Name, this.m_array[index].m_id, StringComparison.OrdinalIgnoreCase) == 0))
      {
        if (this.m_array[index].m_role == null)
        {
          flag = true;
        }
        else
        {
          WindowsPrincipal windowsPrincipal = currentPrincipal as WindowsPrincipal;
          flag = windowsPrincipal == null || !(this.m_array[index].Sid != (SecurityIdentifier) null) ? currentPrincipal.IsInRole(this.m_array[index].m_role) : windowsPrincipal.IsInRole(this.m_array[index].Sid);
        }
        if (flag)
          break;
      }
    }
    else
    {
      flag = true;
      break;
    }
  }
  if (flag)
    return;
  this.ThrowSecurityException();
}



public void Demand()
{
新的SecurityPermission(SecurityPermissionFlag.ControlPrincipal.Assert();
IPrincipal currentPrincipal=Thread.currentPrincipal;
if(currentPrincipal==null)
this.ThrowSecurityException();
if(this.m_数组==null)
返回;
int length=this.m_array.length;
布尔标志=假;
对于(int-index=0;index
您提供的stacktrace就是您的异常被客户端重新调用的堆栈跟踪。NullReferenceException不会发生在那里,而是发生在代码服务器端。你能把你的VS连接到你的IIS进程,或者任何托管你的服务器的exe吗?既然你正在登录,也许也会给我们看那些日志?
BelekeService.cs:line 29
你能给我们看这行吗?
[PrincipalPermission(SecurityAction.Demand,Role=“ADMIN”)]public UserInfo GetUserInfo(string login,string password){
该死,我无法正确设置评论格式。但是第29行是开场白,我还不能授予奖金-因此需要等待。所以,现在我又遇到了另一个问题。我的
\u identity.Name
包含windows用户名,而不是通过
proxy.ClientCredentials.username=“test”设置的凭据
知道为什么会发生这种情况吗?_identity在哪里?它是如何分配的?@Oliver,啊,我以为我已经发布了那个部分了……所以,有
公共bool Evaluate(EvaluationContext EvaluationContext,ref object state)
part,我在这里收到的evaluationContext包含Windows用户名。不知道:/I猜问题是客户端…尝试在Username setter中设置断点?(不是您的代码,因此:Debug->New breakpoint->Break at function:UserNamePasswordClientCredential.set\u Username)解决了它-配置错误。我添加了绑定,但在“bindingConfiguration”标记中没有提到绑定的名称。

at System.Security.Permissions.PrincipalPermission.Demand()
at System.Security.PermissionSet.DemandNonCAS()
at Beleke.BelekeService.GetUserInfo(String login, String password) in d:\beleke\branches\master\BelekeService\App_Code\BelekeService.cs:line 29
at SyncInvokeGetUserInfo(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)



public void Demand()
{
  new SecurityPermission(SecurityPermissionFlag.ControlPrincipal).Assert();
  IPrincipal currentPrincipal = Thread.CurrentPrincipal;
  if (currentPrincipal == null)
    this.ThrowSecurityException();
  if (this.m_array == null)
    return;
  int length = this.m_array.Length;
  bool flag = false;
  for (int index = 0; index < length; ++index)
  {
    if (this.m_array[index].m_authenticated)
    {
      IIdentity identity = currentPrincipal.Identity;
      if (identity.IsAuthenticated && (this.m_array[index].m_id == null || string.Compare(identity.Name, this.m_array[index].m_id, StringComparison.OrdinalIgnoreCase) == 0))
      {
        if (this.m_array[index].m_role == null)
        {
          flag = true;
        }
        else
        {
          WindowsPrincipal windowsPrincipal = currentPrincipal as WindowsPrincipal;
          flag = windowsPrincipal == null || !(this.m_array[index].Sid != (SecurityIdentifier) null) ? currentPrincipal.IsInRole(this.m_array[index].m_role) : windowsPrincipal.IsInRole(this.m_array[index].Sid);
        }
        if (flag)
          break;
      }
    }
    else
    {
      flag = true;
      break;
    }
  }
  if (flag)
    return;
  this.ThrowSecurityException();
}