使用Windows身份验证设置安全SSL,WCF

时间:2015-03-30 17:59:52

标签: web-services wcf authentication ssl

好的,我真的需要帮助来获得这个设置。目前我已经安装了ssl证书。我在iis中安装了一个wcf服务作为应用程序。我已将其设置为需要ssl,我能够连接到该服务。问题是我想要Windows身份验证。我想禁用匿名安全。很快我禁用匿名并保持Windows身份验证。我收到一个错误: "在主机上配置的身份验证方案(' IntegratedWindowsAuthentication')不允许在绑定' BasicHttpBinding'上配置的身份验证方案。 ('匿名&#39)。请确保将SecurityMode设置为Transport或TransportCredentialOnly.etc等...."

当我用Windows身份验证恢复匿名时。是的我可以访问该服务,但它没有使用Windows身份验证..它很奇怪,因为其他文件,如test.html,例如仍然需要用户名/密码。我不知道如何使用ssl正确限制Windows身份验证的Web服务...任何人都可以帮助我?请

 <?xml version="1.0"?>
 <configuration>
   <system.web>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
  <customErrors mode="Off"/>
 </system.web>
 <system.serviceModel>


<bindings>
  <wsHttpBinding>
    <binding name="TransportSecurity">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>


      <readerQuotas maxDepth="2147483647"
          maxStringContentLength="2147483647"
          maxArrayLength="2147483647"
          maxBytesPerRead="2147483647"
          maxNameTableCharCount="2147483647" />
    </binding>
  </wsHttpBinding>
</bindings>
 <services>
     <service name="WcfConcur.ConcurService">
        <endpoint address=""
               binding="wsHttpBinding"
               bindingConfiguration="TransportSecurity"
               contract="WcfConcur.IConcurService"/>

<endpoint address="mex"
               binding="mexHttpsBinding"
              contract="IMetadataExchange" />
  </service>
</services>


<behaviors>
  <serviceBehaviors>
    <behavior>


      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpsGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

</system.serviceModel>
<system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>


</configuration>

在客户端,我添加了对wcf的引用。它会自动下载。事情是我托管的初始wcf地址是https://address/whatever.svc,当它下载时会显示http://internal地址,我不知道这是不是问题

   <?xml version="1.0" encoding="utf-8" ?>
        <configuration>
          <startup>
                <supportedRuntime version="v4.0"    sku=".NETFramework,Version=v4.0,Profile=Client" />
            </startup>
             <system.serviceModel>
                  <client>
                  <endpoint address="http://internal address/wcfConcurService/ConcurService.svc"
             binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IConcurService"
             contract="wcfConcurRef.IConcurService" name="BasicHttpBinding_IConcurService" />
            </client>
               <bindings>
                  <basicHttpBinding>
                     <binding name="BasicHttpBinding_IConcurService" />
                </basicHttpBinding>
                  </bindings>

           </system.serviceModel>
        </configuration>

1 个答案:

答案 0 :(得分:0)

当禁用匿名访问时,抛出的错误消息似乎表明客户端配置存在问题。

客户端配置似乎使用的basicHttpBinding与使用wsHttpBinding的服务器配置不同。要解决绑定问题,应将服务器绑定配置复制到客户端配置文件,然后更新客户端端点以使用新的绑定配置。

您的客户端配置应如下所示:

  <system.serviceModel>
    <client>
      <endpoint address="https://enter-external-address-here/wcfConcurService/ConcurService.svc"
               binding="wsHttpBinding" bindingConfiguration="TransportSecurity"
               contract="wcfConcurRef.IConcurService" name="BasicHttpBinding_IConcurService" />
    </client>
    <bindings>
      <wsHttpBinding>
        <binding name="TransportSecurity">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>