73

我创建了一个 WCF 服务并将其部署在服务器上。当我浏览此服务时,它会使用 ?wsdl URL 给我积极的响应。现在我正在尝试通过 WCF 测试客户端测试服务。它显示正确的元数据。但是当我尝试从服务中调用任何方法时,它会向我显示一个异常......这里是带有堆栈跟踪的错误详细信息......

HTTP 请求未经客户端身份验证方案“匿名”授权。从服务器收到的身份验证标头是“协商,NTLM”。

服务器堆栈跟踪:


System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)
客户端身份验证方案“匿名”的 HTTP 请求未经授权。从服务器收到的身份验证标头是“协商,NTLM”。

服务器堆栈跟踪:


System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest 请求,HttpWebResponse 响应,WebException responseException,HttpChannelFactory 工厂)

客户端绑定:

<bindings>
    <wsHttpBinding>
        <binding name="WSHttpBinding_IServiceMagicService" closeTimeout="00:01:00"
            openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
            bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
            maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
            allowCookies="false">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
            <reliableSession ordered="true" inactivityTimeout="00:10:00"
                enabled="false" />
            <security mode="None">
                <transport clientCredentialType="Windows" proxyCredentialType="None"
                    realm="" />
                <message clientCredentialType="Windows" negotiateServiceCredential="true"
                    establishSecurityContext="true" />
            </security>
        </binding>
    </wsHttpBinding>
</bindings>

服务器绑定:

<bindings>
  <wsHttpBinding>
    <binding name="WSHttpBinding_SEOService" closeTimeout="00:10:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="true" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="999524288" maxReceivedMessageSize="655360000" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
      <readerQuotas maxDepth="32" maxStringContentLength="900000" maxArrayLength="900000" maxBytesPerRead="900000" maxNameTableCharCount="900000" />
      <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
      <security mode="None">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
        <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" />
      </security>
    </binding>
    <binding name="WSHttpServiceMagicBinding" closeTimeout="00:10:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="true" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="999524288" maxReceivedMessageSize="655360000" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
      <readerQuotas maxDepth="32" maxStringContentLength="900000" maxArrayLength="900000" maxBytesPerRead="900000" maxNameTableCharCount="900000"/>
      <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
      <security mode="None">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
        <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

客户的客户部分:

<client>
    <endpoint address="http://hydwebd02.solutions.com/GeoService.Saveology.com/ServiceMagicService.svc"
        binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IServiceMagicService"
        contract="IServiceMagicService" name="WSHttpBinding_IServiceMagicService" />
</client>

服务器服务部分:

<services>
    <service behaviorConfiguration="GeoService.Saveology.com.CityStateServiceProviderBehavior"
    name="GeoService.Saveology.com.CityStateServiceProvider">
    <endpoint binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_SEOService"
        contract="SEO.Common.ServiceContract.ICityStateService" />
    <endpoint address="mex" binding="mexHttpBinding" bindingConfiguration=""
        contract="IMetadataExchange" />
    </service>
    <service behaviorConfiguration="GeoService.Saveology.com.ServiceMagicServiceProviderBehavior"
    name="GeoService.Saveology.com.ServiceMagicServiceProvider">
    <endpoint binding="wsHttpBinding" bindingConfiguration="WSHttpServiceMagicBinding" 
        contract="SEO.Common.ServiceContract.IServiceMagicService">
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" bindingConfiguration="" contract="IMetadataExchange" />
    </service>
</services>
4

10 回答 10

84

我无法控制我调用的服务的安全配置,但遇到了同样的错误。我能够按如下方式修复我的客户。

  1. 在配置中,设置安全模式:

    <security mode="TransportCredentialOnly">
  <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
  <message clientCredentialType="UserName" algorithmSuite="Default" />
</security>

  2. 在代码中,将代理类设置为允许模拟(我添加了对名为 customer 的服务的引用):

    Customer_PortClient proxy = new Customer_PortClient();
proxy.ClientCredentials.Windows.AllowedImpersonationLevel =    
         System.Security.Principal.TokenImpersonationLevel.Impersonation;
于 2010-03-09T14:28:36.920 回答
13

我也有类似的问题,你试过了吗:

proxy.ClientCredentials.Windows.AllowedImpersonationLevel =   
          System.Security.Principal.TokenImpersonationLevel.Impersonation;
于 2009-09-11T19:34:24.410 回答
10

我发现这个错误的另一种可能的解决方案。可能没有回答 OP 的确切问题,但可能会帮助其他偶然发现此错误消息的人。

我正在使用 WebHttpBinding 在代码中创建我的客户端,以便复制以下行:

<security mode="TransportCredentialOnly">
  <transport clientCredentialType="Windows" proxyCredentialType="Windows" />
</security>

我必须做:

var binding = new WebHttpBinding(WebHttpSecurityMode.TransportCredentialOnly);
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
                binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Windows;

以及设置proxy.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;

于 2013-03-13T21:38:18.053 回答
7

我看到这还没有回答,这是来自这里的确切引用:

WSHttpBinding 将尝试在 SSP 层执行内部协商。为了成功,您需要在 IIS 中为 VDir 允许匿名。然后默认情况下,WCF 将从 SPNEGO 执行窗口凭据。在 IIS 层允许匿名是不允许任何人进入的,它遵循 WCF 堆栈。

我通过以下方式找到了这个:http: //fczaja.blogspot.com/2009/10/http-request-is-unauthorized-with.html

谷歌搜索后:http ://www.google.tt/#hl=en&source=hp&q=+The+HTTP+request+is+unauthorized+with+client+authentication+scheme+%27Anonymous

于 2010-02-08T14:03:44.190 回答
6

我遇到了类似的问题,并尝试了上面建议的所有方法。然后我尝试将 clientCreditialType 更改为 Basic 并且一切正常。

<basicHttpBinding>
    <binding name="BINDINGNAMEGOESHERE" >
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Basic"></transport>
      </security>
    </binding>
  </basicHttpBinding>
于 2015-10-09T10:14:00.733 回答
3

这是我必须做的才能让这个工作。这表示:

  1. 自定义 UserNamePasswordValidator(不需要 Windows 帐户、SQLServer 或 ActiveDirectory——您的 UserNamePasswordValidator 可以硬编码用户名和密码,或者从文本文件、MySQL 或其他文件中读取)。
  2. https
  3. IIS7
  4. .net 4.0

我的网站是通过 DotNetPanel 管理的。它有 3 个虚拟目录的安全选项:

  1. 允许匿名访问
  2. 启用基本身份验证
  3. 启用集成 Windows 身份验证

只需要“允许匿名访问”(尽管这本身还不够)。

环境

proxy.ClientCredentials.Windows.AllowedImpersonationLevel =  System.Security.Principal.TokenImpersonationLevel.Impersonation;

对我的情况没有影响。

但是,使用此绑定有效:

      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="Windows" />
        <message clientCredentialType="UserName" />
      </security>
于 2010-05-20T18:22:22.937 回答
2

我今天遇到了同样的错误,在将我们的服务调用外部服务部署到 azure 中的暂存环境之后。本地服务调用外部服务没有错误,但部署后它没有。

最后证明是外部服务有IP验证。Azure 中的新环境有另一个 IP,它被拒绝了。

因此,如果您在调用外部服务时遇到此错误

这可能是IP限制。

于 2015-10-07T14:28:51.093 回答
0

刚刚在开发机器上遇到了这个问题(生产工作正常)。我在 IIS 中修改了我的配置以允许匿名访问,并将我的姓名和密码作为凭据。

我确信这不是最好的方法,但它适用于测试目的。

于 2010-01-21T18:31:31.667 回答
0

尝试在您的客户端中提供用户名和密码,如下所示

client.ClientCredentials.UserName.UserName = @"Domain\username";
client.ClientCredentials.UserName.Password = "password";
于 2013-08-12T13:06:17.227 回答
0

我也有这个错误,最后这个代码在dot net core 3.1中对我有用

首先在命令提示符下安装svcutil :dotnet tool install --global dotnet-svcutil

然后关闭命令提示符并再次打开它。

然后在命令提示符下创建Reference.cs :

dotnet-svcutil http://YourService.com/SayHello.svc

(它需要一个输入键和用户名和密码)

将名为Connected Services的文件夹添加到项目根目录。

Reference.cs 文件复制到 Connected Services 文件夹。

在创建 BasicHttpBinding 和设置 MaxBufferSize 的行之后将这4 行添加到 Reference.cs:

result.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
result.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
result.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
result.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;

在您的 Controller 中使用此服务:

public async Task<string> Get()
    {
        try
        {
            var client = new EstelamClient();
            client.ClientCredentials.UserName.UserName = "YourUserName";
            client.ClientCredentials.UserName.Password = "YourPassword";
            var res = await client.EmployeeCheckAsync("service parameters");
            return res.ToString();
        }
        catch (Exception ex)
        {
            return ex.Message + " ************ stack : " + ex.StackTrace;
        }

    }

不要忘记在 csproj 中安装这些包:

<PackageReference Include="System.ServiceModel.Duplex" Version="4.6.*" />
<PackageReference Include="System.ServiceModel.Http" Version="4.6.*" />
<PackageReference Include="System.ServiceModel.NetTcp" Version="4.6.*" />
<PackageReference Include="System.ServiceModel.Security" Version="4.6.*" />
于 2020-12-18T07:35:04.863 回答