0

我被困在以下场景中:我正在从具有身份验证类型 Kerberos 的客户端运行 ac# 程序。我想使用 kerberos 凭据对仍由 NTLM 进行身份验证的 SharePoint 服务器 Web 服务进行身份验证。如何使用带有客户端 Kerberos 凭据的 NTLM 登录到 Web 服务?

作为一个测试程序,我编写了以下内容,我想将其调整为不使用常量用户名、密码和域并且仍然正常运行的程序:

using System;
using System.Security.Principal;
using TestSharePointServices.listService;

namespace TestSharePointServices
{

    class Program
    {
        static void Main(string[] args)
        {
            string username = "myusername";
            string password = "mypassword";
            string domain = "mydomain";

            ListsSoapClient client = new ListsSoapClient();
            if (client.ClientCredentials != null)
            {
                Console.WriteLine("Name: " + WindowsIdentity.GetCurrent().Name);
                Console.WriteLine("Authenticated: " + WindowsIdentity.GetCurrent().IsAuthenticated);
                Console.WriteLine("Authentication Type: " + WindowsIdentity.GetCurrent().AuthenticationType);
                Console.ReadKey();
                client.ClientCredentials.Windows.ClientCredential = 
                    new System.Net.NetworkCredential(username, password, domain);
                client.ClientCredentials.Windows.AllowedImpersonationLevel =
                    System.Security.Principal.TokenImpersonationLevel.Impersonation;
            } 

            string callback = client.GetList("Accounts").ToString();
            Console.WriteLine(callback);
            Console.ReadKey();
        }
    }
}

使用以下 app.config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
            <basicHttpBinding>
              <binding name="ListsSoap" closeTimeout="00:05:00" openTimeout="00:05:00" 
                       receiveTimeout="00:30:00" sendTimeout="00:05:00" allowCookies="false" 
                       bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" 
                       maxBufferPoolSize="524288" maxBufferSize="65536" maxReceivedMessageSize="65536" 
                       textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true" 
                       messageEncoding="Text">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
                              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                <security mode="TransportCredentialOnly">
                  <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
                  <message clientCredentialType="UserName" algorithmSuite="Default" />
                </security>
              </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://sharepointserver/crm/_vti_bin/Lists.asmx"
                binding="basicHttpBinding" bindingConfiguration="ListsSoap"
                contract="listService.ListsSoap" name="ListsSoap" />
        </client>
    </system.serviceModel>
</configuration>

程序输出:

名称:我的域\我的用户名

认证:真

身份验证类型:Kerberos

屏幕上来自 SharePoint 的 Xml 输出。

4

1 回答 1

2

你不能。Kerberos 与 NTLM 无关。绝对没有。NTLM 仅适用于 Windows。您所能做的就是使用您的 Windows 用户/密码登录并执行 NTLM auch。虽然我强烈建议让您的 SharePoint Kerberos 支持,这不到一小时的工作时间。

于 2013-08-01T08:19:03.853 回答