标题几乎说明了一切,我想配置我的WCF服务,以便用户只能使用Kerberos进行身份验证,而不是NTLM(用于调试目的)。有没有办法做到这一点?
在客户端,显然是通过设置clientCredentials / windows / @ allowNtlm =“false”完成的,但服务器似乎没有等效属性。
我的配置:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="rest">
<webHttp helpEnabled="true" defaultOutgoingResponseFormat="Xml" automaticFormatSelectionEnabled="false" faultExceptionEnabled="true" />
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service name="MyService">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="rss" contract="MyProject.IMyService" behaviorConfiguration="rest" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8732/Design_Time_Addresses/MyProject/MyService/"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="rss">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
</startup>
</configuration>
答案 0 :(得分:0)
我认为您可以实现此目的,在IIS中托管您的服务 - 您可以指定已启用的身份验证提供商,右键点击'Windows Authentification' Authentification settings经理的IIS项。只需关闭/打开所需的提供商。