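Authenticating from a Kerberos-authenticated machine to an NTLM server

Time: 2013-07-31 16:30:33

Tags: c# sharepoint-2010 windows-authentication kerberos ntlm

I'm stuck with the following situation: I'm running a C# program from a client with authentication type Kerberos. I want to use the Kerberos credentials to authenticate against a SharePoint server web service that is still authenticated via NTLM. How can I log in to the web service over NTLM using my client's Kerberos credentials?

As a test program I wrote the following, which I want to adapt into a program that does not use a constant username, password and domain and still works: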

using System;
using System.Security.Principal;
using TestSharePointServices.listService;

namespace TestSharePointServices
{

    class Program
    {
        static void Main(string[] args)
        {
            string username = "myusername";
            string password = "mypassword";
            string domain = "mydomain";

            ListsSoapClient client = new ListsSoapClient();
            if (client.ClientCredentials != null)
            {
                Console.WriteLine("Name: " + WindowsIdentity.GetCurrent().Name);
                Console.WriteLine("Authenticated: " + WindowsIdentity.GetCurrent().IsAuthenticated);
                Console.WriteLine("Authentication Type: " + WindowsIdentity.GetCurrent().AuthenticationType);
                Console.ReadKey();
                client.ClientCredentials.Windows.ClientCredential = 
                    new System.Net.NetworkCredential(username, password, domain);
                client.ClientCredentials.Windows.AllowedImpersonationLevel =
                    System.Security.Principal.TokenImpersonationLevel.Impersonation;
            } 

            string callback = client.GetList("Accounts").ToString();
            Console.WriteLine(callback);
            Console.ReadKey();
        }
    }
}

With the following app.config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
            <basicHttpBinding>
              <binding name="ListsSoap" closeTimeout="00:05:00" openTimeout="00:05:00" 
                       receiveTimeout="00:30:00" sendTimeout="00:05:00" allowCookies="false" 
                       bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" 
                       maxBufferPoolSize="524288" maxBufferSize="65536" maxReceivedMessageSize="65536" 
                       textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true" 
                       messageEncoding="Text">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
                              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                <security mode="TransportCredentialOnly">
                  <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
                  <message clientCredentialType="UserName" algorithmSuite="Default" />
                </security>
              </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://sharepointserver/crm/_vti_bin/Lists.asmx"
                binding="basicHttpBinding" bindingConfiguration="ListsSoap"
                contract="listService.ListsSoap" name="ListsSoap" />
        </client>
    </system.serviceModel>
</configuration>

Program output:

Name: mydomain\myusername

Authenticated: True

Authentication Type: Kerberos

The SharePoint output XML on screen.

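1 answer:

Answer 0: (score: 2)

You can't. Kerberos has nothing to do with NTLM. Absolutely nothing. NTLM is Windows-only. All you can do is log on with a Windows user/pass and perform NTLM auth. Though I strongly recommend making SharePoint support Kerberos; it is less than an hour of work.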
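The following is an added example, not part of the original question or answer. It sketches the client side of the answer's recommendation, assuming the SharePoint web application has already been switched to Negotiate (Kerberos) and an SPN is registered for its service account; the `ListsSoapClient` proxy and endpoint URL are the ones from the question, and the hard-coded username, password and domain are gone.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;
using TestSharePointServices.listService; // generated proxy from the question

namespace TestSharePointServices
{
    class Program
    {
        static void Main(string[] args)
        {
            // Same shape as the question's app.config binding, but the transport
            // credential type is Windows (Negotiate) instead of Ntlm.
            // TransportCredentialOnly over http:// authenticates the caller but
            // does not encrypt the SOAP traffic.
            var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
            binding.MaxReceivedMessageSize = 65536;

            var endpoint = new EndpointAddress("http://sharepointserver/crm/_vti_bin/Lists.asmx");
            var client = new ListsSoapClient(binding, endpoint);

            // No NetworkCredential is assigned, so the call runs with the
            // identity of the logged-on user and no password lives in the code.
            client.ClientCredentials.Windows.AllowedImpersonationLevel =
                TokenImpersonationLevel.Impersonation;

            try
            {
                Console.WriteLine("Calling as: " + WindowsIdentity.GetCurrent().Name);
                Console.WriteLine(client.GetList("Accounts").ToString());
                client.Close();
            }
            catch (CommunicationException ex)
            {
                // Includes MessageSecurityException, which WCF raises when the
                // server answers 401 to the offered authentication scheme.
                client.Abort();
                Console.Error.WriteLine("Call failed: " + ex.Message);
            }
        }
    }
}
```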