HttpListener.DefaultServiceNames 属性

定义

获取由已注册前缀确定的服务提供程序名 (SPN) 的默认列表。Gets a default list of Service Provider Names (SPNs) as determined by registered prefixes.

public:
 property System::Security::Authentication::ExtendedProtection::ServiceNameCollection ^ DefaultServiceNames { System::Security::Authentication::ExtendedProtection::ServiceNameCollection ^ get(); };
public System.Security.Authentication.ExtendedProtection.ServiceNameCollection DefaultServiceNames { get; }
member this.DefaultServiceNames : System.Security.Authentication.ExtendedProtection.ServiceNameCollection
Public ReadOnly Property DefaultServiceNames As ServiceNameCollection

属性值

一个包含 SPN 列表的 ServiceNameCollectionA ServiceNameCollection that contains a list of SPNs.

注解

DefaultServiceNames 属性与集成的 Windows 身份验证一起使用,以提供扩展保护。The DefaultServiceNames property is used with integrated Windows authentication to provide extended protection. Spn 列表在访问时从 Prefixes 属性进行初始化,并在向 Prefixes 属性添加新前缀时清除。The list of SPNs is initialized from the Prefixes property when accessed and cleared when new prefixes are added to the Prefixes property.

如果应用程序未对其扩展保护策略设置 CustomServiceNames 属性,则使用 DefaultServiceNames 属性。The DefaultServiceNames property is used if an application doesn't set the CustomServiceNames property on its extended protection policy.

DefaultServiceNames 属性一起检索的 ServiceNameCollection 根据以下规则从 Prefixes 属性生成:The ServiceNameCollection that is retrieved with the DefaultServiceNames property is built from the Prefixes property according to the following rules:

  1. 如果主机名为 "+"、"*" 或 IPv4 或 IPv6 文本(等同于 "*" 但限制为特定的本地接口),则将添加以下 SPN:If the hostname is "+", "*", or an IPv4 or IPv6 literal (equivalent to "*" but restricted to a specific local interface), the following SPN is added:

"HTTP/" 加上计算机的完全限定域名。"HTTP/" plus the fully qualified domain name of the computer.

  1. 如果主机名不包含任何点(无域或子域),则会尝试使用 DNS (HttpWebRequest所用的相同行为)来解析完全限定的域名。If the hostname contains no dots (no domains or subdomains), an attempt is made to resolve the fully-qualified domain name using DNS (the same behavior used by HttpWebRequest). 如果可以解析完全限定的域名,则将添加以下 Spn:If the fully-qualified domain name can be resolved, the following SPNs are added:

"HTTP/" 加上主机名(短名称)。"HTTP/" plus the hostname (the short name).

"HTTP/" 加上主机名的完全限定域名。"HTTP/" plus the fully qualified domain name for the hostname.

  1. 如果主机名不包含点(没有域或子域),并且无法解析完全限定的域名,则将添加以下 SPN:If the hostname contains not dots (no domains or subdomains) and a fully-qualified domain name can't be resolved, the following SPN is added:

"HTTP/" 加上主机名。"HTTP/" plus the hostname.

  1. 如果主机名包含点(域或子域),则添加以下 SPN:If the hostname contains dots (domains or subdomains), the following SPN is added:

"HTTP/" 加上主机名。"HTTP/" plus the hostname.

DefaultServiceNames 属性可由应用程序用来查看默认 Spn 列表,如果未提供自定义列表,则将用于身份验证。The DefaultServiceNames property can be used by an application to review the list of default SPNs which will be used for authentication if no custom list is supplied. 如果需要其他 Spn,应用程序可以使用 Merge 方法之一添加它们。If other SPNs are needed, an application can add them using one of the Merge methods.

使用扩展保护根据请求的 URL 做出策略决策时,这是不安全的,因为这可能是欺骗性的。It is not safe when using extended protection to make policy decisions based on the requested URL, since this can be spoofed. 相反,应用程序应依赖于 LocalEndPointRemoteEndPoint 属性来做出此类策略决策。Rather, applications should rely on the LocalEndPoint or RemoteEndPoint properties to make such policy decisions.

适用于

另请参阅