部署后,WCF Windows身份验证不起作用
我有Windows身份验证的WCF服务。将其部署到另一台服务器后,我收到以下异常:
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized
客户端配置未更改,如下所示:
<ws2007HttpBinding>
<binding name="autoSecureBinding">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm=""></transport>
<message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="false"/>
</security>
</binding>
</ws2007HttpBinding>
编辑:当我在浏览器中打开我的服务时,收到以下错误:
Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.
有人知道可能是什么问题吗?
2 个答案:
答案 0 :(得分:0)
另一台服务器是否在同一个活动目录域下?
此外,您希望转到目标IIS,并查看“站点/应用程序身份验证”设置是否已将“Windows身份验证”设置为“已启用”。 (参见下面IIS7的屏幕)
答案 1 :(得分:0)
以下是我正在使用的Win auth only WCF服务的工作web.config(在IIS中仅启用了Windows身份验证)。
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<basicHttpBinding>
<binding name="MyBindingForWindowsAuth">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" />
<!--<transport clientCredentialType="Windows" />-->
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="DataAccessService.Service">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBindingForWindowsAuth" contract="DataAccessService.IService" />
<endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="MyBindingForWindowsAuth" contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
有了这个设置,如果你想将ASP.NET用户身份传递给WCF,你有3个选择:
选项1:
client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("phil.morris", "P4ssW0rd", "mydomain");
选项2:
使用模仿:
using (((WindowsIdentity)HttpContext.Current.User.Identity).Impersonate())
{
string s = client.GetUserInfo();
retVal = "Wcf User: " + s;
}
选项3:
在调用者ASP.NET应用程序中启用ASP.NET模拟
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?