个人中心
gpt4 book ai didi

c# - 从 IAuthorizationPolicy 设置 Thread.CurrentPrincipal?

转载 作者:太空狗 更新时间:2023-10-29 20:33:02 28 4
gpt4 key购买 nike

我有一个在 .NET Framework 4.6.2 下运行的 WCF 服务。我之前使用 web.config 使用我的自定义 IAuthorizationPolicy 配置服务,如下所示:

<services>
behaviorConfiguration="MyClientService.CustomValidator_Behavior" name="My.Service.Implementation.Services.MyClientService">
        <endpoint binding="netHttpBinding" behaviorConfiguration="protoEndpointBehavior" address="BinaryHttpProto" bindingNamespace="http://My.ServiceContracts/2007/11" contract="My.ServiceContracts.IMyClientService" />
        <endpoint binding="netHttpsBinding" behaviorConfiguration="protoEndpointBehavior" address="BinaryHttpsProto" bindingNamespace="http://My.ServiceContracts/2007/11" contract="My.ServiceContracts.IMyClientService" />
        bindingConfiguration="netTcpCertificate" behaviorConfiguration="protoEndpointBehavior" bindingNamespace="http://My.ServiceContracts/2007/11" contract="My.ServiceContracts.IMyClientService" address="Sll"/>
        <host>
        </host>
      </service>
    </services>


    <behavior name="MyClientService.CustomValidator_Behavior">
      <dataContractSerializer maxItemsInObjectGraph="2147483647" />
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceMetadata httpGetEnabled="true" />
      <customBehaviorExtension_ClientService />
      <serviceThrottling maxConcurrentCalls="2000" maxConcurrentSessions="2147483647" maxConcurrentInstances="2000" />
      <serviceCredentials>
        <clientCertificate>
          <authentication certificateValidationMode="PeerOrChainTrust" />
        </clientCertificate>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="My.Service.Implementation.Security.CustomUsernamePasswordValidator, My.Service.Implementation" />
      </serviceCredentials>
      <serviceAuthorization principalPermissionMode="Custom" serviceAuthorizationManagerType="My.Service.Implementation.Security.CustomServiceAuthorizationManager, My.Service.Implementation">
        <authorizationPolicies>
          <add policyType="My.Service.Implementation.Security.CustomAuthorizationPolicy_ClientService, My.Service.Implementation" />
        </authorizationPolicies>
      </serviceAuthorization>
    </behavior>

现在我需要切换以在代码中执行此操作,这就是它的样子:

var endpoint = new System.ServiceModel.Description.ServiceEndpoint(System.ServiceModel.Description.ContractDescription.GetContract(typeof(IMyClientService)),
                        binding,
                       new EndpointAddress(endPointAddress));

                endpoint.EndpointBehaviors.Add(new ProtoBuf.ServiceModel.ProtoEndpointBehavior());
                serviceHost.AddServiceEndpoint(endpoint);

                ServiceAuthorizationBehavior serviceAuthorizationBehavior = serviceHost.Description.Behaviors.Find<ServiceAuthorizationBehavior>();
                if (serviceAuthorizationBehavior == null)
                {
                    serviceAuthorizationBehavior = new ServiceAuthorizationBehavior();
                    serviceHost.Description.Behaviors.Add(serviceAuthorizationBehavior);
                }
                serviceAuthorizationBehavior.ExternalAuthorizationPolicies = new ReadOnlyCollection<IAuthorizationPolicy>(new IAuthorizationPolicy[] { new CustomAuthorizationPolicy_ClientService() });
                ((ServiceBehaviorAttribute)serviceHost.Description.Behaviors[typeof(ServiceBehaviorAttribute)]).MaxItemsInObjectGraph = 2147483647;
                ((ServiceBehaviorAttribute)serviceHost.Description.Behaviors[typeof(ServiceBehaviorAttribute)]).IncludeExceptionDetailInFaults = true;

                ServiceThrottlingBehavior throttleBehavior = new ServiceThrottlingBehavior
                {
                    MaxConcurrentCalls = 200,
                    MaxConcurrentInstances = 2147483647,
                    MaxConcurrentSessions = 2000,
                };
                serviceHost.Description.Behaviors.Add(throttleBehavior);

                Console.WriteLine("Starting service...");
                serviceHost.Open();
                Console.WriteLine("Service started successfully (" + uri + ")");
                return serviceHost;
            }
            catch(Exception ex)

在 IAuthorizationPolicy 中,我像以前一样设置了 principla,它确实在这里中断了:

var userContext = new UserContextOnService(new ClientIdentity { AuthenticationType = "regular", IsAuthenticated = true, Name = "username" }, currentAnvandare, LoginType.UsernamePassword);
            userContext.OrbitToken = orbitToken;
            evaluationContext.Properties["Principal"] = userContext;
            SharedContext.Instance.AddUserContext(person.PersonId.ToString(), userContext);

问题是当我尝试运行它时:

(UserContextOnService)Thread.CurrentPrincipal;

在我得到异常的服务方法中,CurrentPrincipal 是一个WindowPrincipal

我可以通过使用此代码获得正确的委托(delegate)人:

OperationContext.Current.ServiceSecurityContext.AuthorizationContext.Properties["Principal"]

但这将意味着在许多仅使用 Thread.CurrentPrincipal 获取上下文的地方进行更改。

我怀疑我在配置中丢失了什么?

编辑:尝试设置 Thread.CurrentPrincipal = userContext;在 Evaluate 方法中但这没有帮助,Thread.CurrentPrincipal 是否仍然是 WindowsPrinciple?我怀疑 servicemethod 在另一个线程上结束,然后是执行 Evaluate 的线程。

最佳答案

启动服务时也需要设置:

serviceAuthorizationBehavior.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
serviceAuthorizationBehavior.ServiceAuthorizationManager = new CustomServiceAuthorizationManager();

这是在以下行的正上方完成的:

serviceAuthorizationBehavior.ExternalAuthorizationPolicies = new ReadOnlyCollection<IAuthorizationPolicy>(new IAuthorizationPolicy[] { new CustomAuthorizationPolicy_ClientService() });

关于c# - 从 IAuthorizationPolicy 设置 Thread.CurrentPrincipal?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42512231/

28 4 0
文章推荐: python - 如何使用 Python 只读取 CSV 文件的标题列?
文章推荐: c++ - 如何从静态 C 和 C++ 库创建共享 C 库?
文章推荐: c++ - 如何解决静态方法内部的 lambda 内部的歧义?
文章推荐: c# - Nancy 既不渲染 View 也不扩展布局 View
太空狗
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com