ClientCredentialType=Windows 和 =Ntlm 之间的区别 [英] Difference between ClientCredentialType=Windows and =Ntlm
问题描述
任何人都可以清楚地解释使用
Can anyone give a clear explanation of the difference between using
clientCredentialType=Windows和clientCredentialType=Ntlm
在托管 WCF 服务时在服务器端 Web.config 中?
in a server-side Web.config when hosting a WCF service?
我有一个 SOAP 1.1 (basicHttpBinding) 服务,用于与现有客户端进行互操作.它使用 ASP.NET 角色,因此需要对客户端进行身份验证.
I have a SOAP 1.1 (basicHttpBinding) service for interop with existing clients. It uses ASP.NET roles so needs clients to be authenticated.
当我使用 VS2005 (Cassini) 服务器托管服务时,我必须指定 ClientCredentialType=Ntlm 如上,并选中 Ntlm 身份验证框VS2005 中的项目属性.ClientCredentialType=Windows 不起作用 - 客户端得到:
When I am using the VS2005 (Cassini) server to host the service, I have to specify ClientCredentialType=Ntlm as above, and check the Ntlm authentication box in the project properties in VS2005. ClientCredentialType=Windows doesn't work - clients get a:
401 未经授权的错误
401 Unauthorized error
但是,当我在 IIS 下运行时,情况正好相反:ClientCredentialType=Windows 有效,而 ClientCredentialType=Ntlm 失败.
However when I'm running under IIS, it's the other way around: ClientCredentialType=Windows works, and ClientCredentialType=Ntlm fails.
任何人都可以解释这一点,最好建议一种方法,我可以使用相同的 web.config 文件在 Cassini 和 IIS 中运行该服务?
Can anyone explain this, and preferably suggest a way I can have the same web.config file to run the service in Cassini and IIS?
更新
我的开发机器上有 .NET 3.5 SP1,它是在域中运行的 XP SP2.因此,Cassini 在域帐户下运行,而 IIS 5.1 在本地帐户下运行.
I have .NET 3.5 SP1 on my dev machine, which is XP SP2 running in a domain. Cassini therefore runs under a domain account, and IIS 5.1 under a local account.
我想知道这是否与这些文章中描述的 .NET 3.5SP1 中的重大更改有关.
I wonder if it could be related to the breaking change in .NET 3.5SP1 described in these articles.
http://www.aspnetpro.com/newsletterarticle/2008/12/asp200812ab_l/asp200812ab_l.asphttp://msmvps.com/blogs/alvin/archive/2008/11/14/net-3-5-sp1-break-change-to-wcf.aspxhttp://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?反馈ID=354236
当服务器在域帐户下运行时,情况听起来类似于 clientCredentialType=Windows 失败(这是我使用 Cassini 的情况 - 作为我的普通域用户帐户运行),并且在本地帐户(这是我使用 IIS 的情况).
The situation sounds similar as clientCredentialType=Windows fails when the server is running under a domain account (which is my situation with Cassini - running as my normal domain user account), and works when running under a local account (which is my situation with IIS).
问题是建议的修复需要更改 WCF 客户端配置文件 - 但就我而言,我将 SOAP 1.1 (basicHttpBinding) 与非 WCF 客户端一起使用.
The problem is that the suggested fixes require changes to a WCF client configuration file - but in my case I'm using SOAP 1.1 (basicHttpBinding) with non-WCF clients.
推荐答案
clientCredentialType=Windows 使用可以通过 Active Directory 和 NTLM 的内置 Windows 身份验证.
clientCredentialType=Windows uses the built in Windows authentication which can be through Active Directory and NTLM.
显然 NTLM 类型只会使用 NTLM 进行身份验证.
Obviously the NTLM type will only use NTLM for authentication.
我相信你已经看过了,但这里有一个 WCF 安全的链接:http://msdn2.microsoft.com/en-us/library/ms734769.aspx
I'm sure you've seen it already, but here is a link to WCF security: http://msdn2.microsoft.com/en-us/library/ms734769.aspx
有关您的设置的更多详细信息会有所帮助.IIS 和 Cassini 服务器是否在同一台机器上运行?如果没有,您是否在每个盒子上设置了相同的帐户?默认情况下,IIS6 支持 NTLM,因此您应该可以正常使用它.
Some more details on your setup would help. Are the IIS and Cassini servers running on the same box? If not do you have the same accounts setup on each box? IIS6 by default supports NTLM, so you shouldn't have a problem getting it to work.
这篇关于ClientCredentialType=Windows 和 =Ntlm 之间的区别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
