使用WCF customBinding进行Kerberos身份验证

时间:2010-08-25 12:57:07

标签: wcf wcf-binding wcf-client kerberos

我正在使用ASMX Web服务并使用customBinding为服务创建WCF客户端。在customBinding安全性部分中,我使用authenticationMode作为“KerberosOverTransport”并使用HTTP作为传输介质。请参阅以下代码。

<customBinding>
    <binding name="Service1Soap" closeTimeout="00:01:00" openTimeout="00:01:00"
      receiveTimeout="00:10:00" sendTimeout="00:01:00">
      <security allowSerializedSigningTokenOnReply="true" authenticationMode="KerberosOverTransport"
        requireDerivedKeys="false" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
        messageSecurityVersion="Default" requireSecurityContextCancellation="false">
        <secureConversationBootstrap />
      </security>
      <textMessageEncoding messageVersion="Soap11" />
      <httpTransport authenticationScheme="Ntlm" unsafeConnectionNtlmAuthentication="false" />
    </binding>
  </customBinding>
</bindings>
<client>
  <endpoint address="http://localhost:1612/TestService.asmx" binding="customBinding"
    bindingConfiguration="Service1Soap" contract="WCFProxy.Service1Soap"
    name="Service1Soap" />
</client>

当我创建Proxy类的实例并调用Web Service的Hello World方法时,我得到以下异常。

“'CustomBinding'。'http://tempuri.org/'绑定'Service1Soap'。'urn:Service1'合同配置了一种需要传输级别完整性和机密性的身份验证模式。但是传输不能提供完整性和保密“。

=============================================== ===========================================

at System.ServiceModel.Dispatcher.SecurityValidationBehavior.SoapOverSecureTransportRequirementsRule.ValidateSecurityBinding(SecurityBindingElement securityBindingElement,Binding binding,ContractDescription contract)    在System.ServiceModel.Dispatcher.SecurityValidationBehavior.ValidateSecurityBinding(SecurityBindingElement sbe,Binding binding,ContractDescription contract)    at System.ServiceModel.Dispatcher.SecurityValidationBehavior.ValidateBinding(Binding binding,ContractDescription contract,SecurityBindingElement&amp; securityBindingElement)    在System.ServiceModel.Dispatcher.SecurityValidationBehavior.System.ServiceModel.Description.IEndpointBehavior.Validate(ServiceEndpoint serviceEndpoint)    在System.ServiceModel.Description.ServiceEndpoint.Validate(Boolean runOperationValidators,Boolean isForService)    在System.ServiceModel.Channels.ServiceChannelFactory.BuildChannelFactory(ServiceEndpoint serviceEndpoint)    在System.ServiceModel.ChannelFactory.CreateFactory()    在System.ServiceModel.ChannelFactory.OnOpening()    在System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan超时)    在System.ServiceModel.ClientBase 1.System.ServiceModel.ICommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.ClientBase 1.Open()    在D:\ Rakesh \ Test Projects \ WebServiceCustomBinding \ WCFClient \ Program.cs中的WCFClient.Program.Main(String [] args):第16行    在System.AppDomain._nExecuteAssembly(Assembly assembly,String [] args)    在System.AppDomain.ExecuteAssembly(String assemblyFile,Evidence assemblySecurity,String [] args)    在Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()    在System.Threading.ThreadHelper.ThreadStart_Context(对象状态)    在System.Threading.ExecutionContext.Run(ExecutionContext executionContext,ContextCallback回调,对象状态)    在System.Threading.ThreadHelper.ThreadStart()

我对谷歌搜索这个例外没有好运。 R&amp; S已经有2天了。 D部分。请在这个问题上给我一些帮助。我将非常高兴你的帮助!

此致 勒凯什。

2 个答案:

答案 0 :(得分:0)

尝试使用具有以下安全性的BasicHttpBinding:

<bindings>
  <basicHttpBinding>
    <binding name="Secured">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

您也可以查看article - 有关于设置客户端的部分内容。

答案 1 :(得分:0)

请尝试使用<httpsTransport requireClientCertificate="true"/>绑定元素。