HTTP请求未经授权使用客户端身份验证方案“Basic”。从服务器收到的身份验证标头是“Negotiate,NTLM”

时间:2014-10-13 05:29:57

标签: wcf authentication iis wcf-security hp-trim

我正在尝试使用以下设置连接到服务。

<bindings>
  <basicHttpBinding>
    <binding name="EngineSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Basic" proxyCredentialType="None" realm=""/>
        <message clientCredentialType="UserName" algorithmSuite="Default"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<client>
  <endpoint address="http://addressToService" binding="basicHttpBinding" bindingConfiguration="EngineSoap" contract="TRIMAPI.EngineSoap" name="EngineSoap" />
</client>

我得到的错误如下:

The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace: 
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

我尝试将clientCredentialType =“Basic”更改为“Windows”和“Ntlm”,但是徒劳无功。我无法将安全模式设置为“TransportCredentialOnly”以外的任何内容,因为该服务不使用SSL。

此外,用户名就像'domain \ username'。

我错过了什么?

2 个答案:

答案 0 :(得分:0)

clientCredentialType需要是Ntlm而不是Basic

<bindings>
  <basicHttpBinding>
    <binding name="EngineSoap">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm=""/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

如果是HTTPS / SSL连接,请将TransportCredentialOnly更改为Transport。 有关详细信息,请参阅<transport> of <basicHttpBinding>

答案 1 :(得分:0)

未托管服务的服务器(IIS)上的基本身份验证。启用它为我解决了这个问题。