HTTP 请求未经授权，客户端身份验证方案为“协商".从服务器收到的身份验证标头是“NTLM" [英] The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM'

问题描述

几天前，在客户端和 wcf Web 服务之间使用 Windows 身份验证时，我对身份验证问题感到非常头疼.我得到的错误是HTTP 请求未经客户端身份验证方案‘协商’授权.从服务器收到的身份验证标头是NTLM".堆栈上的解决方案都没有工作，因为它们中的大多数都与旧方法有关.

Few days ago I had quite a headache with authentication problems when using Windows authentication between client and wcf web service. The error I was getting was "The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was "NTLM". None of the solutions on stack worked because most of them were related to old methods.

推荐答案

答案: 问题是针对此类问题的所有帖子都与较旧的 kerberos 和 IIS 问题有关，其中代理凭据或AllowNTLM 属性有帮助.我的情况不同.经过数小时从地面挑选蠕虫病毒后，我发现有些 IIS 安装在 IIS Windows 身份验证提供程序列表下没有包括 协商提供程序.所以我不得不添加它并向上移动.我的 WCF 服务开始按预期进行身份验证.这是屏幕截图，如果您使用 Windows 身份验证并关闭匿名身份验证.

THE ANSWER: The problem was all of the posts for such an issue were related to older kerberos and IIS issues where proxy credentials or AllowNTLM properties were helping. My case was different. What I have discovered after hours of picking worms from the ground was that somewhat IIS installation did not include Negotiate provider under IIS Windows authentication providers list. So I had to add it and move up. My WCF service started to authenticate as expected. Here is the screenshot how it should look if you are using Windows authentication with Anonymous auth OFF.

您需要右键单击 Windows 身份验证并选择提供程序菜单项.

You need to right click on Windows authentication and choose providers menu item.

希望这有助于节省一些时间.

Hope this helps to save some time.

这篇关于HTTP 请求未经授权，客户端身份验证方案为“协商".从服务器收到的身份验证标头是“NTLM"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！