WCF service security


Problem description

Hi all,

I have a WCF service hosted on a server. I want to use that service in my Windows application. I am sending Windows integrated authentication to the WCF service, but it is throwing the following error.

The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'.

The IIS hosting the service has Windows authentication enabled, and the client application and the service are not in the same domain.

Any help will be appreciated.

Recommended answer

Are you using WsHttpBinding? If so, you'll have to bypass the built-in security for IIS and let WCF pick up the authorization. Enable anonymous authentication on your virtual directory and this should work.

Cheers.


In your client application config, make sure you've set up your binding along the following lines...

<bindings>
  <basicHttpBinding>
    <binding name="MyBinding" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
        allowCookies="false" bypassProxyOnLocal="true" hostNameComparisonMode="StrongWildcard"
        maxBufferSize="1000000" maxBufferPoolSize="524288" maxReceivedMessageSize="1000000"
        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
        useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>



Then you can specify your endpoints to use the binding config

<client>
  <endpoint address="http://SomeDomain/SomeApp/SomeService.svc"
      binding="basicHttpBinding" bindingConfiguration="MyBinding"
      contract="MyApp.Contracts.ISomeService" name="ISomeService_Endpoint" />
</client>



And endpoint behaviours...

<behaviors>
  <endpointBehaviors>
    <behavior name="clientEndpointCredential">
      <clientCredentials>
        <windows allowNtlm="true" allowedImpersonationLevel="None" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>



In your WCF service client (ClientBase<T>) make sure you've initialised your credentials... I use a little wrapper class to help with this and communication faults.

using System;
using System.ServiceModel;

// Generic client wrapper: sets Windows credentials and closes or aborts the channel safely.
public class WCFServiceClient<T> : ClientBase<T>,
    IDisposable where T : class
{
    #region ctors
    public WCFServiceClient()
    {
        // Send the current user's Windows credentials and let the service impersonate the caller.
        // Only this parameterless constructor sets them; the overloads below leave the defaults.
        this.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
        this.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
    }

    public WCFServiceClient(string endpointConfigurationName) :
        base(endpointConfigurationName)
    {
    }

    public WCFServiceClient(string endpointConfigurationName, string remoteAddress) :
        base(endpointConfigurationName, remoteAddress)
    {
    }

    public WCFServiceClient(string endpointConfigurationName, System.ServiceModel.EndpointAddress remoteAddress) :
        base(endpointConfigurationName, remoteAddress)
    {
    }

    public WCFServiceClient(System.ServiceModel.Channels.Binding binding, System.ServiceModel.EndpointAddress remoteAddress) :
        base(binding, remoteAddress)
    {
    }
    #endregion ctors

    void IDisposable.Dispose()
    {
        // A faulted channel cannot be closed gracefully, so abort it.
        if (State == CommunicationState.Faulted)
        {
            Abort();
        }
        else
        {
            try
            {
                Close();
            }
            catch
            {
                // Close() can throw on timeout or communication errors; release the channel anyway.
                Abort();
            }
        }
    }
}



Your client service classes can just inherit from this + implement whatever service interface you have defined

My article Visual Application Launcher uses a similar approach to the above & has worked OK.
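
An added example, not part of the original answer: TransportCredentialOnly over http:// authenticates the caller but gives the messages no integrity or confidentiality. The fragment below keeps that binding beside a Transport (HTTPS) variant and references the named endpoint behaviour from the endpoint, since a named behaviour applies only where behaviorConfiguration points at it. The MyBindingTls name, the https:// address and a matching HTTPS endpoint on the service are assumptions.

```xml
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- As in the answer: Windows authentication over plain HTTP.
           The caller is authenticated, but requests and responses are not
           encrypted or integrity-protected on the wire. -->
      <binding name="MyBinding">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>

      <!-- Hardened variant (name is an assumption): same Windows authentication,
           but mode="Transport" requires an https:// address, so TLS protects
           the message and the authentication exchange. -->
      <binding name="MyBindingTls">
        <security mode="Transport">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>

  <behaviors>
    <endpointBehaviors>
      <behavior name="clientEndpointCredential">
        <clientCredentials>
          <!-- Identification lets the service identify the caller without
               being able to act as the caller. -->
          <windows allowNtlm="true" allowedImpersonationLevel="Identification" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>

  <client>
    <!-- Assumed HTTPS address; the service must expose a matching endpoint.
         behaviorConfiguration is what attaches the behaviour above. -->
    <endpoint address="https://SomeDomain/SomeApp/SomeService.svc"
        binding="basicHttpBinding" bindingConfiguration="MyBindingTls"
        behaviorConfiguration="clientEndpointCredential"
        contract="MyApp.Contracts.ISomeService" name="ISomeService_Endpoint" />
  </client>
</system.serviceModel>
```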

