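I am using .NET 3.5 and trying to configure a WCF service, and I am getting the exception: The HTTP request is unauthorized with client authentication scheme "Negotiate". The authentication header received from the server was "Negotiate,NTLM". I have attached the server-side and client-side .config files below.
Just a few notes. Because of network access requirements, both the application and the service use impersonation. The web application resides on a different server from the WCF service. Both specify the following in their respective web.config files.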
<authentication mode="Windows"/>
<identity impersonate="true" userName="userName" password="password"/>
Web application (on server1)
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IReports" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="false" proxyAddress="http://server2/Services/ReportService">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="BasicHttpBinding_IReports" address="http://server2/Services/ReportService/Reports.svc"
binding="basicHttpBinding" contract="WCFServiceRef.IReports" bindingConfiguration="BasicHttpBinding_IReports"
behaviorConfiguration="ClientBehavior"/>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="ClientBehavior" >
<clientCredentials supportInteractive="true" >
<windows allowedImpersonationLevel="Impersonation" allowNtlm="true" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
WCF service (on server2)
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<bindings>
<basicHttpBinding>
<binding name="default" maxReceivedMessageSize="200000">
<readerQuotas maxStringContentLength="200000" maxArrayLength="200000"/>
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ReportService.ReportsBehavior" name="ReportService.Reports">
<endpoint address="" binding="basicHttpBinding" contract="ReportService.IReports" bindingConfiguration="default">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint name="mex" address="mex" binding="basicHttpBinding" contract="IMetadataExchange" bindingConfiguration="default"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ReportService.ReportsBehavior">
<serviceAuthorization impersonateCallerForAllOperations="false"/>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
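I thought that applying the allowNtlm="true" directive in the application would fix it. It seems to me that the server is expecting Windows authentication but is not receiving it? Since the application and the service reside on different servers, do I need to use the proxy values? I feel I am not understanding something basic, but whether it is the IIS configuration on the server side or just my application, I don't know.
Thanks for your help!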
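Answer 0: (score: 1)
This sample from MSDN for basicHttpBinding with TransportCredentialOnly shows how to set it up. Your configuration is very similar, except that it also sets message-level security. I would try removing the message element from the configuration to see whether it is the cause of the problem.
I don't think the problem is passing the impersonated credentials itself, but rather the TransportCredentialOnly configuration. Also, make sure IIS is configured to support Windows authentication on the WCF server.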
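A small audit of the settings discussed in this thread, as an added example that is not code from the question or the answer: it parses a web.config and reports the stored impersonation password, the TransportCredentialOnly mode (HTTP authentication with no transport protection), a message element left under that mode, and an explicit proxyAddress. The sample config is constructed from the question's fragments; the function name and rule names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the client binding and web.config lines in the question.
SAMPLE_CLIENT = """<configuration>
  <system.web>
    <identity impersonate="true" userName="userName" password="password"/>
  </system.web>
  <system.serviceModel><bindings><basicHttpBinding>
    <binding name="BasicHttpBinding_IReports" useDefaultWebProxy="false"
             proxyAddress="http://server2/Services/ReportService">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
        <message clientCredentialType="UserName" algorithmSuite="Default"/>
      </security>
    </binding>
  </basicHttpBinding></bindings></system.serviceModel>
</configuration>"""


def audit_wcf_config(xml_text):
    """Return a list of (rule_id, detail) findings for one web.config document."""
    root = ET.fromstring(xml_text)
    findings = []
    for ident in root.iter("identity"):
        if ident.get("password") is not None:
            findings.append(("plaintext-impersonation-password",
                             "identity element stores the account password in the file"))
    for binding in root.iter("binding"):
        name = binding.get("name", "?")
        sec = binding.find("security")
        if sec is not None and sec.get("mode") == "TransportCredentialOnly":
            findings.append(("no-transport-protection",
                             f"{name}: HTTP authentication only, no confidentiality or integrity"))
            if sec.find("message") is not None:
                findings.append(("message-element-with-transport-only",
                                 f"{name}: message element set although mode is TransportCredentialOnly"))
        if binding.get("proxyAddress"):
            findings.append(("explicit-proxy",
                             f"{name}: proxyAddress names an HTTP proxy: {binding.get('proxyAddress')}"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_wcf_config(SAMPLE_CLIENT):
        print(f"{rule}: {detail}")
```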