Passing the Windows identity to WCF from Windows

Time: 2012-01-05 11:51:53

Tags: asp.net wcf wcf-security basichttpbinding wcf-authentication

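I have a WCF service hosted in IIS, with Integrated Windows Authentication enabled and anonymous authentication disabled. When I try to call this service from ASP.NET, I get the following MessageSecurityException:

"The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'."

Any ideas?

Here is my service configuration: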

<system.serviceModel>
<bindings>
  <basicHttpBinding>
    <binding name="CalculatorServiceBasicHttpBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<services>
  <service name="Service.CalculatorService" 
           behaviorConfiguration="CalculatorServiceBehavior">
    <endpoint name="BasicHttpEndpoint"
              address="" 
              binding="basicHttpBinding" 
              bindingConfiguration="CalculatorServiceBasicHttpBinding"
              contract="Framework.ICalculatorService">
    </endpoint>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="CalculatorServiceBehavior">
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>

This is how I call the service:

// Requires: using System.Net; using System.ServiceModel;
// Binding mirrors the service: Windows credentials over plain HTTP (no transport encryption).
var basicHttpBinding = new BasicHttpBinding();
basicHttpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
var factory = new ChannelFactory<Framework.ICalculatorService>(basicHttpBinding, new EndpointAddress("http://localhost/CalculatorService/CalculatorService.svc"));
// DefaultNetworkCredentials are those of the security context this code runs under.
factory.Credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
var proxy = factory.CreateChannel();
var emailAddress = proxy.GetMyEmailAddress();
// Close the channel first, then the factory.
((ICommunicationObject)proxy).Close();
factory.Close();

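1 answer:

Answer 0: (score: 1)

Your WCF configuration works for me, so most likely you have not configured IIS correctly for your WCF service (and possibly your ASP.NET client). Make sure the IIS site hosting the service is configured as described in this TechNet article for IIS 7. Out of the box, IIS 7 does not have Windows authentication enabled. If you are using IIS 6, you will need to search to see how it is configured for Windows authentication.

Once IIS is set up correctly for the service, you need to configure the ASP.NET site that calls your service. By default, the ASP.NET AppPool for your web site will use a local machine account (ApplicationPoolIdentity or possibly NetworkService). You need to change that account to an appropriate domain account. You also need to make sure your service allows that domain account to access it, either by adding an authorization rule in IIS Manager or by updating the service's web.config file, as described in the TechNet article.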
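The service-side settings the answer describes, written as a web.config fragment. This is an added example, not part of the original answer or the TechNet article: the account name CONTOSO\svc-webapp is a placeholder for the domain account the calling AppPool runs as, and the fragment assumes the IIS 7 URL Authorization role service is installed and that the authentication sections are unlocked for site-level configuration.

```xml
<!-- web.config of the IIS 7 site hosting CalculatorService.svc (added example) -->
<configuration>
  <system.webServer>
    <security>
      <!-- Match the setup in the question: Windows authentication on,
           anonymous off. These sections are locked at server level by
           default, so they may have to be set in IIS Manager or
           applicationHost.config instead. -->
      <authentication>
        <anonymousAuthentication enabled="false" />
        <windowsAuthentication enabled="true" />
      </authentication>

      <!-- URL authorization: drop the default "allow all users" rule and
           allow only the domain account that the calling ASP.NET
           application pool runs as (placeholder name). -->
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" users="CONTOSO\svc-webapp" />
      </authorization>
    </security>
  </system.webServer>
</configuration>
```

With the default allow-all rule removed, an authenticated caller other than the listed account is rejected by IIS before the request reaches WCF, which keeps the service's exposure limited to the one client identity it expects.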