使用Active Directory进行WCF服务授权 - 访问被拒绝错误

时间:2015-04-01 16:38:27

标签: c# asp.net wcf wcf-security

我有一个关于通过IIS上托管的HTTP流量对域帐户进行WCF授权的问题(没有生产,因此没有ssl证书可以通过互联网使用)

我想知道如何设置从客户端到我的Web服务的Windows身份验证。目前我在同一个局域网上进行测试,所以代理不是问题

我已在此帖末尾列出了已尝试的步骤

编辑:正在发生的错误只是访问被拒绝,没有别的,从 尝试,捕获客户端应用程序。如果有办法获得更详细的信息,请告诉我并将结果添加到帖子中。

WCF服务代码:

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]  

ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Single, IncludeExceptionDetailInFaults = true)]    

public class Data : IData
    {
        [PrincipalPermission(SecurityAction.Demand, Role=@"Administrators")]

        public List<Incident> GetCases()
        {            

            Queries query = new Queries();

            List<Incident> iList = query.CallCases();

            return iList;

         }
   }

WCF Web配置绑定:

<wsHttpBinding>
    <binding name="TransportSecurity">
        <security mode="None">
            <message clientCredentialType="Windows" algorithmSuite="Default"/>
        </security>
    </binding>
</wsHttpBinding>

WCF Web配置行为:

<behavior name="Behaviour1">
    <serviceMetadata httpGetEnabled="true" httpGetUrl=""/>
    <serviceDebug includeExceptionDetailInFaults="true" />
    <useRequestHeadersForMetadataAddress>
        <defaultPorts>
            <add scheme="http" port="9577" /> ///This port is correct
        </defaultPorts>
    </useRequestHeadersForMetadataAddress>
</behavior>

WCF Web配置服务:

<service behaviorConfiguration="Behaviour1" name="WebService1.Data">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WebService1.IData">
         <identity>
              <dns value="demo.DomainName.co.uk" />
         </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>

客户端应用程序(已添加服务引用)

            DataClient client = new DataClient();

        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        PrincipalPermission principalPerm = new PrincipalPermission(null, "Administrators");
        principalPerm.Demand();
        Console.WriteLine("Demand succeeded.");

        client.ClientCredentials.Windows.ClientCredential.Domain = "Domain Name";
        client.ClientCredentials.Windows.ClientCredential.UserName = "User Account";
        client.ClientCredentials.Windows.ClientCredential.Password = "Password";

        //client.ClientCredentials.UserName.UserName = @"UserAccount@domain.com";
        //client.ClientCredentials.UserName.Password = "Password";
        //client.ClientCredentials.UseIdentityConfiguration = true;

        try
        {
            List<Incident> cases = client.GetCases().ToList();

            foreach (Incident Inc in cases)
            {
                Console.WriteLine(Inc.CaseID);
            }

        }

        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }

尝试的决议:

  • 使用域和本地用户
  • 将客户端凭据类型修改为基本,NTLM和Windows
  • 使用设置IIS来使用
  • IIS已启用基本身份验证和Windows身份验证

如果您需要更多信息,请不要犹豫。

感谢您提供的任何帮助

1 个答案:

答案 0 :(得分:0)

@Tim指出我正确的方向,这是决议:

<wsHttpBinding>
<binding name="TransportSecurity">
    <security mode="Message">
        <message clientCredentialType="Windows" algorithmSuite="Default"/>
    </security>
</binding>
</wsHttpBinding>

因为我没有SSL证书我需要将安全模式设置为Message,所以我很困惑,因为大多数人使用SSL进行测试,这需要传输安全性,我已将其设置为None进行测试。

感谢Tim的帮助

相关问题
最新问题