我正在托管输出jsonp的wcf服务。 IIS的响应(启用了Windows身份验证)是
经过身份验证的服务不支持跨域javascript回调。
有办法解决这个问题吗?我必须打开Windows身份验证,但也想使用wcf来服务我的jsonp
我的网页配置如下
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="webHttpBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="webHttpBindingWithJsonP" crossDomainScriptAccessEnabled="true" >
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="ServiceSite.CustomersService">
<endpoint address="" binding="webHttpBinding"
bindingConfiguration="webHttpBindingWithJsonP" contract="ServiceSite.CustomersService"
behaviorConfiguration="webHttpBehavior"/>
</service>
</services>
</system.serviceModel>
答案 0 :(得分:5)
有点晚了,我知道,但由于没有贴出答案,我遇到了类似的问题:
我能够使用从跨域客户端访问的经过Windows身份验证的WCF服务(在IIs 7.5中托管)的唯一方法是让客户端通过代理进行调用。有一个额外的跳回代理,但现在我不再依赖JSONP。该服务设置了两个端点,soap和json - 我将整个serviceModel卡在底部以供参考。
所以客户端应用程序(都是.NET Web应用程序)要么:
A)对页面方法(或[HttpPost] MVC控制器方法)进行$ .ajax POST,该方法将WCF作为soap web引用调用:
function EmployeeSearch() {
var searchname = $("#userSearchText").val();
if (searchname.length > 0) {
var d = { name: searchname, pageSize: _pageSize, page: _currentPage };
var jsonData = JSON.stringify(d);
if (json.length > 0) {
$.ajax({
type: "POST",
url: "Home/EmployeeSearch",
data: jsonData,
contentType: "application/json; charset=utf-8",
dataType: "json",
success: employeeSearchSuccess,
error: onError
});
}
}
}
控制器方法(或页面方法):
[HttpPost]
public ActionResult EmployeeSearch(string name, int pageSize, int page)
{
var client = new EmployeeServiceClient();
var searchResult = client.EmployeeSearch(name);
var count = searchResult.Count();
var employees = searchResult.Skip((page - 1) * pageSize).Take(pageSize).ToList();
var viewModel = new EmployeeSearchViewModel
{
Employees = employees,
Size = count
};
return Json(viewModel);
}
OR
B)为HttpHandler创建$ .getJSON,如Dave Wards http://encosia.com/use-asp-nets-httphandler-to-bridge-the-cross-domain-gap/中所述
在上面的示例中,处理程序的ProcessRequest方法中的WebClient.DownoadString()将采用以下url字符串:
http://server/EmployeeService/EmployeeService.svc/Json/EmployeeSearch/searchstring
这两种方法都允许我的服务保持在Windows身份验证下,并且客户端有几种访问服务的方法。额外的跳是刺激性的,但我尽量不去考虑它。
这是整个WCF serviceModel供参考:
<behaviors>
<serviceBehaviors>
<behavior name="EmployeeServiceBehavior">
<serviceTimeouts transactionTimeout="01:00:00"/>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</serviceBehaviors>
<!-- we'd use this one if we wanted to ignore the 'd' wrapper around the json result ... we don't -->
<endpointBehaviors>
<!-- plain old XML -->
<behavior name="poxBehavior">
<webHttp helpEnabled="true" />
</behavior>
<!-- JSON -->
<behavior name="jsonBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="basicBinding"
hostNameComparisonMode="StrongWildcard"
receiveTimeout="00:10:00"
sendTimeout="00:10:00"
openTimeout="00:10:00"
closeTimeout="00:10:00"
maxReceivedMessageSize="2147483647"
maxBufferSize="2147483647"
maxBufferPoolSize="524288"
transferMode="Buffered"
messageEncoding="Text"
textEncoding="utf-8"
bypassProxyOnLocal="false"
useDefaultWebProxy="true" >
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
<!-- use the following for windows authentication -->
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
<webHttpBinding>
<binding name="webBinding"
receiveTimeout="00:10:00"
sendTimeout="00:10:00"
openTimeout="00:10:00"
closeTimeout="00:10:00"
maxReceivedMessageSize="2147483647"
maxBufferSize="2147483647"
maxBufferPoolSize="524288"
bypassProxyOnLocal="false"
useDefaultWebProxy="true"
>
<!--crossDomainScriptAccessEnabled="true"-->
<!-- use the following for windows authentication -->
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="EmployeeService.Wcf.EmployeeService" behaviorConfiguration="EmployeeServiceBehavior">
<endpoint address="Soap" binding="basicHttpBinding" bindingConfiguration="basicBinding" contract="EmployeeService.Wcf.IEmployeeService"/>
<endpoint address="Json" binding="webHttpBinding" bindingConfiguration="webBinding" behaviorConfiguration="poxBehavior" contract="EmployeeService.Wcf.IEmployeeService" />
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true"/>
一个补充 - 上述示例方法的OperationContract在ServiceContract中设置如下:
[OperationContract]
[WebInvoke(Method = "GET", RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json, UriTemplate = "EmployeeSearch/{name}")]
List<Employee> EmployeeSearch(string name);