1

我有一个 C# 应用程序,用于将报告部署到 SSRS 实例。它一直运作良好。为了提高安全性,我决定将 SSRS 从使用 NT AUTHORITY\NETWORK SERVICE 帐户更改为使用专用域帐户。我使用 Reporting Services 配置管理器进行更改。现在我的应用程序抛出 MessageSecurityException:

HTTP 请求未经客户端身份验证方案“协商”的授权。The authentication header received from the server was 'Negotiate oYGEMIGBoAMKAQGiegR4YHYGCSqGSIb3EgECAgMAfmcwZaADAgEFoQMCAR6kERgPMjAxMjA3MjQxNzIyNTBapQUCAwUAuaYDAgEpqQ4bDFZFUlRFWC5MT0NBTKoqMCigAwIBA6EhMB8bBGhvc3QbF3Z0eC1kZXYtMDEudmVydGV4LmxvY2Fs'.

我调用以下方法:

public static ReportService.ReportingService2010SoapClient Connect(StreamWriter logFile, string reportingServicesUri)
{
    //Connect with the user's Windows credentials
    try
    {
        BasicHttpBinding basicHttpBinding = new BasicHttpBinding();
        basicHttpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
        basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        basicHttpBinding.SendTimeout = new TimeSpan(0, 10, 0);
        EndpointAddress endpoint = new EndpointAddress(reportingServicesUri);
        var rs = new ReportService.ReportingService2010SoapClient(basicHttpBinding, endpoint);
        rs.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
        rs.ChannelFactory.Credentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
        return rs;
    }
    catch (UriFormatException)
    {
        Common.WriteToLog(logFile, "Connect: " + reportingServicesUri + " does not point to a valid SSRS instance.", false);
    }

    return null;
}

然后我调用这个方法(这是捕获异常的地方):

private static CatalogItem FindFirstItem(ReportingService2010SoapClient rs, StreamWriter logFile, String itemPath, String itemName)
{
    CatalogItem[] items;
    var itemsNames = new string[] { itemName };
    string indentText = "";
    Console.WriteLine(indentText + "Searching for " + itemPath + '/' + itemName + "...");

    try
    {
        TrustedUserHeader userHeader = new TrustedUserHeader();
        var properties = new Property[1];
        properties[0] = new Property();
        properties[0].Name = "Recursive";
        properties[0].Value = "false";
        var conditions = new SearchCondition[1];
        conditions[0] = new SearchCondition();
        conditions[0].Condition = ConditionEnum.Equals;
        conditions[0].ConditionSpecified = true;
        conditions[0].Name = "Name";
        conditions[0].Values = itemsNames;
        rs.FindItems(userHeader, "/" + itemPath, BooleanOperatorEnum.And, properties, conditions, out items);

        if (items.Length == 0)
            return null;

        return items[0];
    }
    catch (FaultException e)
    {
        if (!e.Message.Contains("cannot be found"))
            Common.WriteToLog(logFile, "FindFirstItem: " + e.Message, false);
    }
    catch (MessageSecurityException e)
    {
        throw;
    }

    return null;
}

我仍然可以使用浏览器中的报告管理器 URL 访问此 SSRS 实例的数据源。我的应用程序仍然适用于使用 NT AUTHORITY\NETWORK SERVICE 作为服务帐户的 SSRS 实例。我怎样才能让这个应用程序再次与这个 SSRS 实例一起工作?

4

1 回答 1

0

WCFTestClient HTTP 请求未经授权,客户端身份验证方案“匿名”

Customer_PortClient proxy = new Customer_PortClient();
proxy.ClientCredentials.Windows.AllowedImpersonationLevel =    
         System.Security.Principal.TokenImpersonationLevel.Impersonation;
于 2015-07-22T21:04:55.673 回答