使用匿名身份验证调用HTTPS WCF服务?

时间:2011-07-26 10:35:00

标签: wcf iis

即使在WCF服务的虚拟目录上启用了匿名访问并且禁用了集成身份验证,我仍然会收到错误:

  

HTTP请求未经授权使用客户端身份验证方案   '匿名&#39 ;.从服务器收到的身份验证标头是   '协商,NTLM'

这就是客户端绑定配置的安全性定义:

<security mode="Transport">
    <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
    <message clientCredentialType="None" negotiateServiceCredential="false" />
</security>

端点定义:

<endpoint address="https://url.com/Service.svc"
            binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
            contract="IService" name="WSHttpBinding_IService">
            <identity>
                <servicePrincipalName value="spn" />
            </identity>
</endpoint>

我已经尝试过添加:

client.ClientCredentials.Windows.AllowedImpersonationLevel =  System.Security.Principal.TokenImpersonationLevel.Impersonation;

但它似乎没有任何效果。

我需要更改IIS上的某些内容吗?

[编辑]

服务配置:

<behaviors>
   <endpointBehaviors>
      <behavior name="defaultBehavior"/>
   </endpointBehaviors>
   <serviceBehaviors>
      <behavior name="metadataSupport">
         <serviceMetadata httpsGetEnabled="true" httpsGetUrl=""/>
         <useRequestHeadersForMetadataAddress>
            <defaultPorts>
               <add scheme="https" port="443" />
            </defaultPorts>
         </useRequestHeadersForMetadataAddress>
      </behavior>
   </serviceBehaviors>
</behaviors>
<services>
   <service name="ServiceLibrary.Service"
            behaviorConfiguration="metadataSupport">
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="wsSecureBinding"
                contract="ServiceLibrary.IService"/>
      <endpoint address="mex"
                binding="wsHttpBinding"
                bindingConfiguration="wsSecureBinding"
                name="mexHttps"
                contract="IMetadataExchange" />
   </service>
</services>
<bindings>
   <wsHttpBinding>
      <binding name="wsSecureBinding">
         <security mode="Transport"/>
      </binding>
   </wsHttpBinding>
</bindings>

1 个答案:

答案 0 :(得分:6)

将服务中的绑定配置修改为:

<bindings>
    <wsHttpBinding>
        <binding name="wsSecureBinding">
            <security mode="Transport">
                <transport clientCredentialType="None" />
            </security>
        </binding>
    </wsHttpBinding>
</bindings>

默认情况下,它需要Windows凭据。