Impersonation on .net service bus
- How to use impersonation or identity on .net service bus?
Answer
Please refer to http://social.msdn.microsoft.com/Forums/en-US/netservices/thread/f35aa4f8-0d05-487c-8d79-25b3a4431500 to see how to use Windows identity on Service Bus. For impersonation, first your service needs to get a UPN claim issued by Geneva Server, which contains information about the user's identity. You can configure a rule in ACS: Input: the UPN claim, Output: Copy input value. That way, your service will be able to get the UPN claim. Then you can convert the UPN claim to a Windows token by calling the S4UClient.UpnLogon method from the Geneva Framework. The following code is extracted from the Convert Claims to NT Token sample from the Geneva Framework. You can have a look at the complete sample under "Microsoft Geneva Framework\Samples\Extensibility\Convert Claims to NT Token".
using System;
using System.Security.Principal;
using System.ServiceModel.Security;                // SecurityAccessDeniedException
using System.Threading;
using Microsoft.IdentityModel.Claims;              // IClaimsIdentity, ClaimsIdentity, Claim
using Microsoft.IdentityModel.WindowsTokenService;  // S4UClient

// Wrapper method added so the snippet compiles as-is (the original is a method-body fragment).
static void ImpersonateCaller()
{
    // Gets the current identity and extracts the UPN claim.
    IClaimsIdentity identity = ( ClaimsIdentity )Thread.CurrentPrincipal.Identity;
    string upn = null;
    foreach ( Claim claim in identity.Claims )
    {
        if ( StringComparer.Ordinal.Equals( System.IdentityModel.Claims.ClaimTypes.Upn, claim.ClaimType ) )
        {
            upn = claim.Value;
        }
    }

    // Performs the UPN logon through the WTS service.
    WindowsIdentity windowsIdentity = null;
    if ( !String.IsNullOrEmpty( upn ) )
    {
        try
        {
            windowsIdentity = S4UClient.UpnLogon( upn );
        }
        catch ( SecurityAccessDeniedException )
        {
            Console.WriteLine( "Could not map the upn claim to a valid windows identity." );
            return;
        }
    }
    else
    {
        throw new Exception( "No UPN claim found" );
    }

    // Impersonate the mapped Windows identity; disposing the context reverts the thread to its own identity.
    using ( WindowsImpersonationContext ctxt = windowsIdentity.Impersonate() )
    {
        //Do work here...
    }
}
Lante, shanaolanxing. This posting is provided "AS IS" with no warranties, and confers no rights.

Marked as answer by Yi-Lun LuoMSFT, Moderator, Wednesday, 1 July, 2009 10:10
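As an added example (not code from the post or from the Geneva Framework sample), here is a hardened version of the same claim-to-token flow. It adds the checks a service exposing impersonation should make before calling UpnLogon: the caller must be authenticated, the UPN claim must come from the issuer the service trusts, and there must be exactly one such claim. It reuses the IClaimsIdentity, Claim and S4UClient.UpnLogon types named in the post; the Claim.Issuer string property, the Microsoft.IdentityModel.WindowsTokenService namespace and the TrustedIssuer value are assumptions and placeholders for your deployment.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel.Security;                // SecurityAccessDeniedException
using System.Threading;
using Microsoft.IdentityModel.Claims;              // IClaimsIdentity, Claim
using Microsoft.IdentityModel.WindowsTokenService;  // S4UClient (namespace assumed)

public static class UpnImpersonation
{
    // Placeholder: the issuer name your service trusts for UPN claims (configure per deployment).
    private const string TrustedIssuer = "http://geneva-server.example.invalid/Trust";

    // Runs 'work' under the Windows identity mapped from the caller's UPN claim.
    // Returns false when no single UPN claim from the trusted issuer is present or the S4U logon fails.
    public static bool TryRunAsCaller(Action work)
    {
        IClaimsIdentity identity = Thread.CurrentPrincipal.Identity as IClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
        {
            return false;
        }

        // Only a UPN claim issued by the trusted STS may be mapped to a Windows account;
        // a claim from any other issuer is ignored rather than logged on.
        string upn = null;
        int matches = 0;
        foreach (Claim claim in identity.Claims)
        {
            if (StringComparer.Ordinal.Equals(System.IdentityModel.Claims.ClaimTypes.Upn, claim.ClaimType)
                && StringComparer.OrdinalIgnoreCase.Equals(TrustedIssuer, claim.Issuer)) // Claim.Issuer assumed to be a string
            {
                upn = claim.Value;
                matches++;
            }
        }

        // Exactly one UPN claim is expected; zero or several indicates a token or ACS rule problem.
        if (matches != 1 || String.IsNullOrEmpty(upn))
        {
            return false;
        }

        WindowsIdentity windowsIdentity;
        try
        {
            // S4U (protocol transition) logon: the service account must be allowed to do this in AD.
            windowsIdentity = S4UClient.UpnLogon(upn);
        }
        catch (SecurityAccessDeniedException)
        {
            return false;
        }

        // 'using' guarantees Undo() even if 'work' throws, so the thread never stays impersonated.
        using (WindowsImpersonationContext ctxt = windowsIdentity.Impersonate())
        {
            work();
        }
        return true;
    }
}
```

Call TryRunAsCaller from inside the service operation and treat a false return as an authorization failure for the caller, not as a reason to fall back to the service's own identity.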