4

我是网络服务的新手,我有以下问题。我有一个 WCF 服务,它在 IIS 7.5 和 Windows 2008 R2 上以 Windows 身份验证模式运行。当我直接从 IIS 机器调用它时效果很好。但是当我尝试从本地计算机调用服务时,我收到以下错误:401 - 未经授权:由于凭据无效,访问被拒绝。

该服务在本地计算机上运行了几天,然后突然停止了(我不确定,但可能更改了某些配置)。

我直接从 IExplorer 调用服务:http://serveriis/ssopension/service.svc

网络配置:

 <?xml version="1.0" encoding="UTF-8"?>
<configuration>

  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>Rsa Key</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>O8jBoF9YUW3sZtSN+L/Xxhzss=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>C+EeTszivHho8Ujk2oIQ==</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>


<system.web>
    <compilation targetFramework="4.0" />

    <authentication mode="Windows" />

    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" />
  </system.web>

  <system.serviceModel>

    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpEndpointBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <services>
      <service behaviorConfiguration="SSO_Pension.ServiceBehavior" name="SSO_Pension.Service">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding" name="BasicHttpEndpoint" contract="SSO_Pension.IService">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>

      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="SSO_Pension.ServiceBehavior">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>

    </system.serviceModel>


    <system.webServer>
        <defaultDocument>
            <files>
                <add value="Service.svc" />
            </files>
        </defaultDocument>
    </system.webServer>

</configuration>
4

2 回答 2

4

我在 http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/c9239a89-fbee-4adc-b72f-7a6a9648331f/上找到了解决方案

不管这对谁有帮助,这救了我的命……

IIS 7 很难弄清楚为什么我得到 401 - 未经授权:由于凭据无效,访问被拒绝......直到我这样做......

1.)打开iis并选择导致401的网站

2.) 打开“IIS”标题下的“Authentication”属性

3.) 点击“Windows Authentication”项,然后点击“Providers”

4.) 对我来说,问题在于协商高于 NTLM。我假设在幕后进行了某种握手,但我从未真正通过身份验证。我把 NTLM 移到了最上面的位置,然后 BAM 修复了它。

于 2012-07-11T07:06:39.707 回答
0

谢啦!

我一直在到处寻找这个,包括这两篇文章:

http://blogs.msdn.com/b/distributedservices/archive/2009/11/10/wcf-calling-wcf-service-hosted-in-iis-on-the-same-machine-as-client-throws-身份验证错误.aspx

http://support.microsoft.com/default.aspx?scid=kb;EN-US;926642

这解决了我的问题。

于 2012-09-14T07:26:08.197 回答