Impersonation on .net service bus
- How to use impersonation or identity on .net service bus?
Answer
Please refer to http://social.msdn.microsoft.com/Forums/en-US/netservices/thread/f35aa4f8-0d05-487c-8d79-25b3a4431500 to see how to use Windows identity on Service Bus. For impersonation, first your service needs to get a UPN claim issued by Geneva Server, which contains information about the user's identity. You can configure a rule in ACS: Input: the UPN claim, Output: Copy input value. That way, your service will be able to get the UPN claim. Then you can convert the UPN claim to a Windows token by calling the S4UClient.UpnLogon method from Geneva Framework. The following code is extracted from the Convert Claims to NT Token sample from Geneva Framework. You can have a look at the complete sample under "Microsoft Geneva Framework\Samples\Extensibility\Convert Claims to NT Token".
// Gets the current identity and extracts the UPN claim.
IClaimsIdentity identity = ( ClaimsIdentity )Thread.CurrentPrincipal.Identity;
string upn = null;
foreach ( Claim claim in identity.Claims )
{
    if ( StringComparer.Ordinal.Equals( System.IdentityModel.Claims.ClaimTypes.Upn, claim.ClaimType ) )
    {
        upn = claim.Value;
    }
}

// Performs the UPN logon through the WTS service.
WindowsIdentity windowsIdentity = null;
if ( !String.IsNullOrEmpty( upn ) )
{
    try
    {
        windowsIdentity = S4UClient.UpnLogon( upn );
    }
    catch ( SecurityAccessDeniedException )
    {
        Console.WriteLine( "Could not map the upn claim to a valid windows identity." );
        return;
    }
}
else
{
    throw new Exception( "No UPN claim found" );
}

using ( WindowsImpersonationContext ctxt = windowsIdentity.Impersonate() )
{
    // Do work here...
}
Lante, shanaolanxing. This posting is provided "AS IS" with no warranties, and confers no rights.
- Marked as answer by Yi-Lun Luo MSFT, Moderator, Wednesday, July 1, 2009 10:10 AM
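The loop in the answer keeps whichever UPN claim it sees last and does not look at who issued it, and that value decides which Windows account is impersonated. The following is an added example, not part of the original answer or the Geneva Framework sample: it selects the UPN only when exactly one value is asserted by the expected issuer. `SimpleClaim`, `UpnSelector`, `SelectUpn` and the issuer names are hypothetical stand-ins so the code runs without Geneva Framework; the returned string is what would be passed to S4UClient.UpnLogon.

```csharp
using System;
using System.Collections.Generic;

// Stand-in for a Geneva Framework claim (hypothetical type for this example).
sealed class SimpleClaim
{
    public string ClaimType, Value, Issuer;
    public SimpleClaim( string type, string value, string issuer )
    { ClaimType = type; Value = value; Issuer = issuer; }
}

static class UpnSelector
{
    // Value of System.IdentityModel.Claims.ClaimTypes.Upn.
    const string UpnType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn";

    // Returns the single UPN asserted by trustedIssuer, or null if there is
    // none, more than one distinct value, or it is not in user@domain form.
    public static string SelectUpn( IEnumerable<SimpleClaim> claims, string trustedIssuer )
    {
        string upn = null;
        foreach ( SimpleClaim c in claims )
        {
            if ( !StringComparer.Ordinal.Equals( UpnType, c.ClaimType ) ) continue;
            if ( !StringComparer.Ordinal.Equals( trustedIssuer, c.Issuer ) ) continue;
            if ( upn != null && !StringComparer.OrdinalIgnoreCase.Equals( upn, c.Value ) )
                return null; // conflicting UPN claims: refuse to pick one
            upn = c.Value;
        }
        if ( String.IsNullOrEmpty( upn ) ) return null;
        int at = upn.IndexOf( '@' );
        bool wellFormed = at > 0 && at == upn.LastIndexOf( '@' ) && at < upn.Length - 1;
        return wellFormed ? upn : null;
    }

    static void Main()
    {
        const string issuer = "https://sts.example.test/"; // constructed issuer name
        var claims = new List<SimpleClaim> // constructed sample claims
        {
            new SimpleClaim( UpnType, "alice@corp.example.test", issuer ),
            new SimpleClaim( UpnType, "administrator@corp.example.test", "https://other.example.test/" ),
        };
        // Only the claim from the expected issuer is considered.
        Console.WriteLine( SelectUpn( claims, issuer ) ?? "(rejected)" );
        claims.Add( new SimpleClaim( UpnType, "bob@corp.example.test", issuer ) );
        // Two different UPNs from the same issuer: the selection is refused.
        Console.WriteLine( SelectUpn( claims, issuer ) ?? "(rejected)" );
    }
}
```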

