0

我有带有 Windows 身份验证的 WCF 服务。将其部署到另一台服务器后,我收到以下异常:

System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized

客户端配置没有改变,如下所示:

<ws2007HttpBinding>
  <binding name="autoSecureBinding">
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""></transport>
      <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="false"/>
    </security>
  </binding>
</ws2007HttpBinding>

编辑:当我在浏览器中打开我的服务时,我收到以下错误:

Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

有谁知道可能是什么问题?

4

2 回答 2

0

这是我正在使用的仅限 Win auth 的 WCF 服务的工作 web.config(在 IIS 中仅启用了 Windows 身份验证)。

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <compilation debug="true" targetFramework="4.0" />
    </system.web>
    <system.serviceModel>
        <behaviors>
            <serviceBehaviors>
                <behavior>
                    <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                    <serviceMetadata httpGetEnabled="true" />
                    <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                    <serviceDebug includeExceptionDetailInFaults="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
        <bindings>
            <basicHttpBinding>
                <binding name="MyBindingForWindowsAuth">
                    <security mode="TransportCredentialOnly">
                        <transport clientCredentialType="Ntlm" />
                        <!--<transport clientCredentialType="Windows" />-->
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <services>
            <service name="DataAccessService.Service">
                <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBindingForWindowsAuth" contract="DataAccessService.IService" />
                <endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="MyBindingForWindowsAuth" contract="IMetadataExchange" />
            </service>
        </services>
    </system.serviceModel>
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true" />
        <directoryBrowse enabled="true" />
    </system.webServer>
</configuration>

有了这个设置,如果你想将 ASP.NET 用户身份传递给 WCF,你有 3 个选项:

选项1: 

client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("phil.morris", "P4ssW0rd", "mydomain");

选项 2:

使用模拟:

using (((WindowsIdentity)HttpContext.Current.User.Identity).Impersonate())
{
    string s = client.GetUserInfo();
    retVal = "Wcf User: " + s;
}

选项 3:
在调用方 ASP.NET 应用程序中启用 ASP.NET 模拟

于 2014-01-30T19:29:43.517 回答
0

同一活动目录域下是否有另一台服务器?

您还想转到目标 IIS 并查看站点/应用程序身份验证设置是否将“Windows 身份验证”设置为“启用”。(请参阅下面的 IIS7 屏幕) 身份验证设置图标

启用窗口身份验证

于 2013-06-06T09:33:27.967 回答