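AuthenticationManager.CustomTargetNameDictionary Property

Definition

Gets the dictionary that contains the Service Principal Names (SPNs) used to identify hosts during Kerberos authentication for requests made using WebRequest and its derived classes.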

public:
 static property System::Collections::Specialized::StringDictionary ^ CustomTargetNameDictionary { System::Collections::Specialized::StringDictionary ^ get(); };
public static System.Collections.Specialized.StringDictionary CustomTargetNameDictionary { get; }
member this.CustomTargetNameDictionary : System.Collections.Specialized.StringDictionary
Public Shared ReadOnly Property CustomTargetNameDictionary As StringDictionary

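Property Value

StringDictionary

A writable StringDictionary that contains the SPN values for keys composed of host information.

Examples

The following code example shows how to display the contents of the CustomTargetNameDictionary.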

static void RequestResource( Uri^ resource )
{
   // Create a new WebRequest object for the specified resource.
   WebRequest^ request = dynamic_cast<WebRequest^>(WebRequest::Create( resource ));

   // Send the current user's default credentials and require mutual authentication.
   request->UseDefaultCredentials = true;
   request->AuthenticationLevel = AuthenticationLevel::MutualAuthRequired;
   HttpWebResponse^ response = dynamic_cast<HttpWebResponse^>(request->GetResponse());

   // Determine whether mutual authentication was used.
   Console::WriteLine( L"Is mutually authenticated? {0}", response->IsMutuallyAuthenticated );

   // Display the SPN entries currently held in the dictionary.
   System::Collections::Specialized::StringDictionary^ spnDictionary = AuthenticationManager::CustomTargetNameDictionary;
   System::Collections::IEnumerator^ myEnum = spnDictionary->GetEnumerator();
   while ( myEnum->MoveNext() )
   {
      DictionaryEntry^ e = safe_cast<DictionaryEntry^>(myEnum->Current);
      Console::WriteLine( "Key: {0}  - {1}", dynamic_cast<String^>(e->Key), dynamic_cast<String^>(e->Value) );
   }

   // Read and display the response.
   System::IO::Stream^ streamResponse = response->GetResponseStream();
   System::IO::StreamReader^ streamRead = gcnew System::IO::StreamReader( streamResponse );
   String^ responseString = streamRead->ReadToEnd();
   Console::WriteLine( responseString );

   // Close the stream objects.
   streamResponse->Close();
   streamRead->Close();

   // Release the HttpWebResponse.
   response->Close();
}

/*

The output from this example will differ based on the requested resource
and whether mutual authentication was successful. For the purpose of illustration,
a sample of the output is shown here:

Is mutually authenticated? True
Key: http://server1.someDomain.contoso.com  - HTTP/server1.someDomain.contoso.com

<html>
...
</html>

*/
// Requires the System, System.Net and System.Net.Security namespaces.
public static void RequestResource(Uri resource)
{
    // Create a new WebRequest object for the specified resource.
    WebRequest request = (WebRequest) WebRequest.Create(resource);

    // Send the current user's default credentials and require mutual authentication.
    request.UseDefaultCredentials = true;
    request.AuthenticationLevel = AuthenticationLevel.MutualAuthRequired;
    HttpWebResponse response = (HttpWebResponse) request.GetResponse();

    // Determine whether mutual authentication was used.
    Console.WriteLine("Is mutually authenticated? {0}", response.IsMutuallyAuthenticated);

    // Display the SPN entries currently held in the dictionary.
    System.Collections.Specialized.StringDictionary spnDictionary = AuthenticationManager.CustomTargetNameDictionary;
    foreach (System.Collections.DictionaryEntry e in spnDictionary)
    {
        Console.WriteLine("Key: {0}  - {1}", e.Key as string, e.Value as string);
    }

    // Read and display the response.
    System.IO.Stream streamResponse = response.GetResponseStream();
    System.IO.StreamReader streamRead = new System.IO.StreamReader(streamResponse);
    string responseString = streamRead.ReadToEnd();
    Console.WriteLine(responseString);

    // Close the stream objects.
    streamResponse.Close();
    streamRead.Close();

    // Release the HttpWebResponse.
    response.Close();
}

/*

The output from this example will differ based on the requested resource
and whether mutual authentication was successful. For the purpose of illustration,
a sample of the output is shown here:

Is mutually authenticated? True
Key: http://server1.someDomain.contoso.com  - HTTP/server1.someDomain.contoso.com

<html>
...
</html>

*/

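Remarks

An SPN is a name by which a client uniquely identifies an instance of a service or application on a server for purposes of mutual authentication. Mutual authentication is requested by default, and you can require it by setting WebRequest.AuthenticationLevel to MutualAuthRequired in your request.

When a WebRequest requires mutual authentication, the client must supply the SPN for the destination. If you know the SPN, you can add it to the CustomTargetNameDictionary before sending the request. If you have not added SPN information to this dictionary, the AuthenticationManager uses the RequestUri to compose the most likely SPN; however, this is a computed value and might be incorrect. If mutual authentication is attempted and fails, you can check the dictionary to determine the computed SPN. No SPN is entered into the dictionary if the authentication protocol does not support mutual authentication.

To add an SPN value to this dictionary, use the AbsoluteUri of the RequestUri as the key. Internally, the key is truncated to include the Scheme, the Host, and, if it is not the default port, the Port.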
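An added example, not part of the original page or of the documentation's own sample code: registering a known SPN under the request URI before sending (which also pre-populates the SPN cache, as this page's note on proxies recommends) and failing closed if the server was not authenticated. It assumes .NET Framework; the class and method names are hypothetical, and the contoso host and SPN are the illustrative values from the sample output above.

```csharp
using System;
using System.Collections;
using System.Collections.Specialized;
using System.IO;
using System.Net;
using System.Net.Security;

static class SpnRegistrationExample   // hypothetical name
{
    // Registers a known SPN for the resource, then requires mutual authentication.
    public static string GetWithKnownSpn(Uri resource, string knownSpn)
    {
        StringDictionary spns = AuthenticationManager.CustomTargetNameDictionary;

        // The key is the AbsoluteUri of the request URI, as the Remarks describe.
        // The indexer is used rather than Add so that a repeated call overwrites
        // the entry instead of throwing on an existing key.
        spns[resource.AbsoluteUri] = knownSpn;

        WebRequest request = WebRequest.Create(resource);
        request.UseDefaultCredentials = true;
        request.AuthenticationLevel = AuthenticationLevel.MutualAuthRequired;

        using (var response = (HttpWebResponse)request.GetResponse())
        {
            if (!response.IsMutuallyAuthenticated)
            {
                // Fail closed, and list the dictionary so the SPN that was
                // registered or computed for this host can be inspected.
                foreach (DictionaryEntry e in spns)
                    Console.Error.WriteLine("SPN entry: {0} -> {1}", e.Key, e.Value);
                throw new InvalidOperationException(
                    "Server identity was not verified for " + resource.Host);
            }
            using (var reader = new StreamReader(response.GetResponseStream()))
                return reader.ReadToEnd();
        }
    }

    static void Main()
    {
        // Constructed values: host and SPN taken from the sample output on this page.
        var uri = new Uri("http://server1.someDomain.contoso.com/");
        Console.WriteLine(GetWithKnownSpn(uri, "HTTP/server1.someDomain.contoso.com"));
    }
}
```

The response body is returned only after IsMutuallyAuthenticated has been checked, so the caller never consumes content from a server whose identity was not verified.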

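Note

Access to the methods and properties of the CustomTargetNameDictionary requires unrestricted WebPermission.

Note

When Kerberos authentication is performed through a proxy, both the proxy and the ultimate host name need to be resolved to an SPN. The proxy name resolution is protected by a timeout. Resolving the ultimate host name to an SPN requires a DNS lookup, and there is no timeout associated directly with this operation. Therefore, synchronous operations may take longer to time out. To overcome this, add the ultimate host's URI prefix to the SPN cache before making requests to it.

When the CustomTargetNameDictionary property is not set, 3.5 SP1 now defaults to specifying the host name used in the request URL in the SPN in the NTLM (NT LAN Manager) authentication exchange. The host name used in the request URL may be different from the Host header specified in the System.Net.HttpRequestHeader in the client request. The host name used in the request URL may be different from the actual host name of the server, the machine name of the server, the computer's IP address, or the loopback address. In these cases, Windows will fail the authentication request. To address the issue, you may need to notify Windows that the host name used in the request URL in the client request ("contoso", for example) is actually an alternate name for the local computer.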
