WCF service was using Windows authentication, now switching to SSL and it wants anonymous

Time: 2013-03-13 21:28:13

Tags: wcf ssl iis-7.5

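I have created a working WCF service using Windows authentication. Now I am trying to add SSL. After following these steps, it now seems to be using anonymous authentication, giving this error: The HTTP request was forbidden with client authentication scheme 'Anonymous'.

Any clues would be appreciated.

We are using IIS 7.5 on Windows Server 2008 R2 and .NET version 4.

The working config file has this service model (server side):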

    <system.serviceModel>
      <bindings />
      <client />
      <services>
        <service name="WCFServiceTest.Service1" behaviorConfiguration="WCFServiceBehavior">
          <endpoint address="" binding="wsHttpBinding" contract="WCFServiceTest.WCFService1">
            <identity>
              <dns value="localhost" />
            </identity>
          </endpoint>
          <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
          <host>
          </host>
        </service>
      </services>
      <behaviors>
        <serviceBehaviors>
          <behavior name="WCFServiceBehavior">

            <serviceMetadata httpGetEnabled="True" policyVersion="Policy15" />

            <serviceDebug includeExceptionDetailInFaults="True" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>

Here is the changed configuration:

    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="TransportWsSecurity">
                    <security mode="Transport">
                        <transport clientCredentialType="Windows"/>
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client />
        <services>
            <service name="WCFServiceTest.Service1" behaviorConfiguration="WCFServiceBehavior">
                <endpoint address="" binding="wsHttpsBinding"
                          bindingConfiguration="TransportWsSecurity"
                          contract="WCFServiceTest.WCFService1">
                    <identity>
                        <dns value="localhost" />
                    </identity>
                </endpoint>
                <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
                <host>
                </host>
            </service>
        </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="WCFServiceBehavior">

                    <serviceMetadata httpsGetEnabled="True" policyVersion="Policy15" />

                    <serviceDebug includeExceptionDetailInFaults="True" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
    </system.serviceModel>

Here is the code that calls the service. It never reaches the IgnoreCertificateErrorHandler, which just returns true:

    // Route server certificate validation to IgnoreCertificateErrorHandler (it just returns true).
    ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(IgnoreCertificateErrorHandler);
    WCFService1Client client = new WCFService1Client();

    // Windows credentials for the remote server, read from configuration.
    client.ClientCredentials.Windows.ClientCredential.UserName = Utility1.GetConfig("RemoteLogin");
    client.ClientCredentials.Windows.ClientCredential.Password = Utility1.GetConfig("RemotePassword");

    try
    {
        result = client.SendUpdatesFromLocation(temp);
    }
    catch (FaultException<WCFProcessFault> ex)
    {
        // Details carried by the service's typed fault.
        string op = ex.Detail.Operation;
        string err = ex.Detail.Notes;

    }
    finally
    {
        client.Close();
    }

1 Answer:

Answer 0 (score: 0)

    <bindings>
        <wsHttpBinding>
            <binding name="TransportWsSecurity">
                <security mode="Transport">
                    <transport clientCredentialType="Ntlm"/>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>

Try the change above. This will use Ntlm instead of Negotiate (Kerberos) for authentication. Most likely you have not set up the server for Kerberos authentication.
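
The client's binding has to carry the same transport security settings as the server binding in the answer. As an added example (not part of the original post or the asker's project), this C# client builds that binding in code with Transport security and the Ntlm credential type, and swaps the accept-everything certificate callback from the question for one that tolerates only a single pinned certificate. The contract `IUpdateService`, the endpoint URL, the thumbprint and the credentials are hypothetical placeholders.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical contract for illustration; the page's real one is WCFServiceTest.WCFService1.
[ServiceContract]
public interface IUpdateService
{
    [OperationContract] bool SendUpdatesFromLocation(string updates);
}

public static class NtlmOverHttpsClient
{
    // Placeholder: SHA-1 thumbprint (hex, no spaces) of the server's test certificate.
    const string PinnedThumbprint = "<SERVER-CERT-THUMBPRINT>";
    // Trust a certificate if its chain validates, or if it is exactly the pinned one.
    static bool ValidateServerCertificate(object sender, X509Certificate cert,
        X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        return cert != null && string.Equals(cert.GetCertHashString(),
            PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
        // Client-side mirror of the server's TransportWsSecurity binding: HTTPS + NTLM.
        var binding = new WSHttpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
        // Placeholder endpoint and credentials (assumptions, not from the page).
        var factory = new ChannelFactory<IUpdateService>(binding,
            new EndpointAddress("https://server.example/Service1.svc"));
        factory.Credentials.Windows.ClientCredential = new NetworkCredential("<user>", "<password>", "<domain>");
        var channel = (IClientChannel)factory.CreateChannel();
        try
        {
            Console.WriteLine(((IUpdateService)channel).SendUpdatesFromLocation("constructed input"));
            channel.Close();
        }
        catch (Exception)
        {
            channel.Abort();   // Close() throws on a faulted channel; Abort() does not
            throw;
        }
    }
}
```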