我们正在尝试创建一个Web服务,它将通过HTTP(而不是HTTPS)使用,并使用NTLM / Windows身份验证。不幸的是,我们似乎无法找到“完美”的组合。无论我们尝试什么,使用Windows身份验证似乎总是希望强制我们使用HTTPS;并且使用HTTP似乎忽略了所有Windows身份验证尝试。
到目前为止,这是我们的app.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="wsSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://xyz/xyz/xyzws.asmx" binding="basicHttpBinding"
bindingConfiguration="xyzwsSoap" contract="xyzws.xyzwsSoap"
name="xyzwsSoap" />
</client>
</system.serviceModel>
</configuration>
我们也尝试使用wsHttpBinding而不是basicHttpBinding创建一个新的绑定,但这也不起作用。有人能指出我们正确的方向吗?
答案 0 :(得分:1)
对于Windows身份验证,您的安全模式需要设置为TransportCredentialOnly:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
还要确保您的服务器和客户端配置同步。
答案 1 :(得分:0)
在Web.config system.serviceModel/behaviors/serviceBehaviors中的服务器应用程序(托管服务的应用程序)上,您需要创建新的行为。
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="internalBehaviour">
<serviceAuthenticationManager authenticationSchemes="Ntlm"/>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
然后在<system.serviceModel>部分的同一<bindings>创建
<bindings>
<basicHttpBinding>
<binding name="internal" >
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
然后在<system.serviceModel>部分<services>中(您正在配置服务,您正试图公开)
<services>
<service behaviorConfiguration="internalBehaviour" name="Corp.WebServices.CorePricingService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="internal" name="ConveyancingEndpoint" contract="Corp.Core.Interfaces.ICorePricingService" />
</service>
(显然改变合同)
然后,如果您从Visual Studio(或IIS)中的IIS Express运行它,请转到applicationhost.config
:
IISExpress C:\Users\[username]\Documents\IISExpress\config
IIS %WINDIR%\System32\inetsrv\config\applicationHost.config
找到您网站的<authentication>部分
将所有内容(但<windowsAuthentication enabled="true">)设置为false并注释掉<!--<add value="Negotiate" />-->(或删除)
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="true">
<providers>
<!--<add value="Negotiate" />-->
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
然后在Web.config中的客户端应用程序中
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="ConveyancingEndpoint">
<security mode="TransportCredentialOnly" >
<transport clientCredentialType="Ntlm"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:53769/CorePricingService.svc" binding="basicHttpBinding" bindingConfiguration="ConveyancingEndpoint" contract="ServiceReference2.ICorePricingService" name="ConveyancingEndpoint">
</endpoint>
</client>
您可能需要set up windows authentication on your local machine。
希望这可以节省你一些时间。