1

最近,我一直在开发一个 WCF SOAP 网络服务,它通过托管在 IIS7 上的 DotNetOpenAuth 网络服务受 OAuth 保护。我很高兴地说我已经完成了这个项目——也就是说,它可以在 http 上运行。

下一步是将两个项目(消费者和服务提供者,后者包含 Web 服务)移动到 https。然而,这造成了一些麻烦。

从消费者调用 DataApi.svc 时,我收到以下错误;

Server Error in '/consumerexample/v2' Application.
--------------------------------------------------------------------------------

The username is not provided. Specify username in ClientCredentials. 
Description: An unhandled exception occurred during the execution of the current web request.     Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.InvalidOperationException: The username is not provided. Specify username in ClientCredentials.

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace: 


[InvalidOperationException: The username is not provided. Specify username in ClientCredentials.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +4727747
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +1725
OAuthConsumer.SampleServiceProvider.IDataApi.retrieveTimeTable(String weekVan, String weekTot) +0
OAuthConsumer.SampleServiceProvider.DataApiClient.retrieveTimeTable(String weekVan, String weekTot) in C:\Program Files\TimeTableWebService\consumer\OAuthConsumer\Service References\SampleServiceProvider\Reference.cs:108
OAuthConsumer.<>c__DisplayClass6.<retrieveTimeTable_Click>b__5(DataApiClient client) in C:\Program Files\TimeTableWebService\consumer\OAuthConsumer\GetTimeTable.aspx.cs:76
OAuthConsumer.GetTimeTable.CallService(Func`2 predicate) in C:\Program Files\TimeTableWebService\consumer\OAuthConsumer\GetTimeTable.aspx.cs:129
OAuthConsumer.GetTimeTable.retrieveTimeTable_Click(Object sender, EventArgs e) in C:\Program Files\TimeTableWebService\consumer\OAuthConsumer\GetTimeTable.aspx.cs:76
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +154
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3707

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.237

在 http 上,这就像一个魅力。当我在本地调试消费者时,整个 OAuth 授权运行良好。只有在调用 DataApi.svc 中的方法 retrieveTimeTable 时,我才会收到此错误。

在 IIS7 上,我为消费者和服务提供者站点启用了匿名和基本身份验证。web.config 文件如下;

消费者

<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_IDataApi" closeTimeout="00:01:00"
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
     bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
     maxBufferPoolSize="524288" maxReceivedMessageSize="999999999" messageEncoding="Text"
     textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">

        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
       maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <reliableSession ordered="true" inactivityTimeout="00:10:00"
       enabled="false" />

        <security mode="Transport">  
    <transport clientCredentialType="Basic" proxyCredentialType="None" realm=""/>  
    <message clientCredentialType="Certificate" algorithmSuite="Default" /> 
        </security>          

      </binding>
    </wsHttpBinding>
  </bindings>

  <client>
    <endpoint address="https://websrv.hszuyd.nl/serviceprovider/v2/DataApi.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDataApi" contract="SampleServiceProvider.IDataApi" name="WSHttpBinding_IDataApi">
      <identity>
        <dns value="localhost" />
      </identity>
    </endpoint>        
  </client>
</system.serviceModel>

服务提供者

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="DataApiBehavior">
        <webHttp />
      </behavior>
      <behavior name="wsHttpEnablingBehaviour">
        <webHttp/>
      </behavior>
    </endpointBehaviors>            

    <serviceBehaviors>  
      <behavior name="DataApiBehavior">
        <serviceMetadata httpsGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="true" />
        <serviceAuthorization serviceAuthorizationManagerType="OAuthServiceProvider.Code.OAuthAuthorizationManager, OAuthServiceProvider" principalPermissionMode="Custom" />
      </behavior>
      <behavior name="wsHttpEnablingBehaviour">
        <serviceMetadata httpsGetEnabled="true"/>
        <serviceDebug includeExceptionDetailInFaults="false"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

  <bindings>
    <wsHttpBinding>   
      <binding name="wsHttpBinding" maxReceivedMessageSize="999999999">
        <security mode="Transport">
          <transport clientCredentialType="Basic" />    
        </security>
      </binding>               
    </wsHttpBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="DataApiBehavior" name="OAuthServiceProvider.DataApi">
      <clear/>
      <endpoint address="" binding="wsHttpBinding" contract="OAuthServiceProvider.Code.IDataApi" name="Oauth" bindingConfiguration="wsHttpBinding" />               
    </service>
  </services>
</system.serviceModel>

想法?

4

2 回答 2

0

我很抱歉,但我不明白。客户端不应使用基本身份验证。基本身份验证应仅用于 Authorize.aspx 页。所以我认为问题在于webservice本身使用基本身份验证而不是oauth,但我现在不知道如何解决这个问题。如果我删除端点的 binding="wsHttpBinding" 则不起作用。(我是妮可的同事)

于 2012-04-19T15:33:49.073 回答
0

可能您的消费者端使用一些代理来调用提供者,但没有指定基本身份验证所需的用户/通行证。

于 2012-04-19T13:58:36.920 回答