WCF身份验证方案不匹配?

时间:2011-09-09 19:46:22

标签: c# .net wcf wcf-security

我正在使用.Net 3.5并尝试配置WCF服务并收到异常, HTTP请求未经授权使用客户端身份验证方案“Negotiate”。从服务器收到的身份验证标头是“Negotiate,NTLM”。我已经在下面附加了服务器端和客户端.config文件。
只是几个笔记。由于网络访问要求,应用程序和服务都使用模拟。 Web应用程序驻留在与WCF服务不同的服务器上。两者都在各自的web.config文件中指定了以下内容。

<authentication mode="Windows"/>
<identity impersonate="true" userName="userName" password="password"/>

Web应用程序(在server1上)

<system.serviceModel>
 <bindings>
  <basicHttpBinding>
    <binding name="BasicHttpBinding_IReports" closeTimeout="00:01:00"
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
     allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
     maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
     messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
     useDefaultWebProxy="false" proxyAddress="http://server2/Services/ReportService">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
       maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<client>
  <endpoint name="BasicHttpBinding_IReports" address="http://server2/Services/ReportService/Reports.svc"
   binding="basicHttpBinding" contract="WCFServiceRef.IReports" bindingConfiguration="BasicHttpBinding_IReports"
            behaviorConfiguration="ClientBehavior"/>
</client>
<behaviors>
  <endpointBehaviors>
    <behavior name="ClientBehavior" >
      <clientCredentials supportInteractive="true" >
        <windows allowedImpersonationLevel="Impersonation" allowNtlm="true" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
</system.serviceModel>

WCF服务(在server2上)

<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<bindings>
  <basicHttpBinding>
    <binding name="default" maxReceivedMessageSize="200000">
      <readerQuotas maxStringContentLength="200000" maxArrayLength="200000"/>
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="ReportService.ReportsBehavior" name="ReportService.Reports">
    <endpoint address="" binding="basicHttpBinding" contract="ReportService.IReports" bindingConfiguration="default">
      <identity>
        <dns value="localhost"/>
      </identity>
    </endpoint>
    <endpoint name="mex" address="mex" binding="basicHttpBinding" contract="IMetadataExchange" bindingConfiguration="default"/>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="ReportService.ReportsBehavior">
      <serviceAuthorization impersonateCallerForAllOperations="false"/>
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
</system.serviceModel>

我认为,如果我在应用程序中应用allowNtlm="true"指令,那将是修复的。在我看来,服务器期待Windows身份验证,但没有收到它?由于应用程序和服务驻留在不同的服务器上,我是否需要使用代理值?我觉得我不理解一些基本的东西,但它是在服务器端的IIS配置还是仅仅在我的应用程序中我不知道。 谢谢你的帮助!

1 个答案:

答案 0 :(得分:1)

sample from MSDN for basicHttpBinding with TransportCredentialOnly显示了如何设置它。您的配置非常相似,只是它还设置了消息级安全性。我尝试从配置中删除消息元素,看看是否是问题的原因。

我不认为问题是传递模拟凭据本身而是传递TransportCredentialOnly配置。此外,请确保将IIS配置为支持WCF服务器上的Windows身份验证。