在WCF中启用安全性 [英] Enable security in WCF

问题描述

大家好，

我有一个WCF服务，它有大约10。* svc服务。我决定在以下步骤中启用此服务的安全性：

1.在主机服务器中定义托管在其上的服务的用户，并向该用户授予对服务目录的完全访问权限。

2.在IIS中选择该服务并禁用匿名身份验证并启用基本身份验证。

3.并更改web.config如下（添加粗线）：



  <？xml version =" 1.0"？>

  <配置>



  < connectionStrings>

  < / connectionStrings>



  < appSettings>

  &NBSP; < add key =" aspnet：UseTaskFriendlySynchronizationContext"值= QUOT;真" />

  &NBSP; < add key =" APK_Version_Code"值= QUOT; 16" />

  &NBSP; < add key =" APK_Version_Name"值= QUOT; 1.8.6" />

  &NBSP; < add key =" Maintenance_Mode"值= QUOT假QUOT; />

  < / appSettings>

  < system.web>

  &NBSP; < compilation debug =" true" targetFramework = QUOT; 4.5.2" />

  &NBSP; < httpRuntime targetFramework =" 4.5.2" />

  &NBSP; < authentication mode =" Windows">< / authentication>

  < /system.web>

  < system.serviceModel>

  &NBSP; < bindings>

  &NBSP; &NBSP; < basicHttpBinding>

  &NBSP; &NBSP; &NBSP; < binding>

  &NBSP; &NBSP; &NBSP; &NBSP; < security mode =" TransportCredentialOnly">

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < transport clientCredentialType =" Windows" />

  &NBSP; &NBSP; &NBSP; &NBSP; < / security>

  &NBSP; &NBSP; &NBSP; < / binding>

  &NBSP; &NBSP; < / basicHttpBinding>

  &NBSP; < / bindings>

    

  &NBSP; < services>

  &NBSP; &NBSP; < service behaviorConfiguration =" DokkanService.ChargeBehavior" name =" DokkanService.Charge">

  &NBSP; &NBSP; &NBSP; < endpoint address =""结合= QUOT; basicHttpBinding的"&NBSP; contract =" DokkanService.ICharge">

  &NBSP; &NBSP; &NBSP; &NBSP; < identity>

  &NBSP; &NBSP; &NBSP; &NBSP; &NBSP; < dns value =" localhost" />

  &NBSP; &NBSP; &NBSP; &NBSP; < / identity>

  &NBSP; &NBSP; &NBSP; < / endpoint>

  &NBSP; &NBSP; &NBSP; < endpoint address =" mex"结合= QUOT; mexHttpBinding" contract =" IMetadataExchange" />

  &NBSP; &NBSP; < / service>

  &NBSP; < / services>



  &NBSP; < behavior>

  &NBSP; &NBSP; < serviceBehaviors>

  &NBSP; &NBSP; &NBSP; <行为>&NBSP; &NBSP; &NBSP;   

  &NBSP; &NBSP; &NBSP; &NBSP; < serviceMetadata httpGetEnabled =" true" httpsGetEnabled = QUOT;真" />&NBSP; &NBSP; &NBSP; &NBSP;  

  &NBSP; &NBSP; &NBSP; &NBSP; < serviceDebug includeExceptionDetailInFaults =" true" />

  &NBSP; &NBSP; &NBSP; < / behavior>



  &NBSP; &NBSP; &NBSP; < behavior name =" DokkanService.ChargeBehavior">

  &NBSP; &NBSP; &NBSP; &NBSP; < serviceMetadata httpGetEnabled =" true" />  &NBSP; &NBSP; &NBSP;   

  &NBSP; &NBSP; &NBSP; &NBSP; < serviceDebug includeExceptionDetailInFaults =" false" />

  &NBSP; &NBSP; &NBSP; < / behavior>

  &NBSP; &NBSP;   

  &NBSP; &NBSP; < / serviceBehaviors>

  &NBSP; < / behavior>

  &NBSP; < protocolMapping>

  &NBSP; &NBSP; < add binding =" basicHttpsBinding"方案= QUOT; HTTPS" />

  &NBSP; < / protocolMapping>

  &NBSP; < serviceHostingEnvironment aspNetCompatibilityEnabled =" true" multipleSiteBindingsEnabled = QUOT;真" />

  < /system.serviceModel>

  < system.webServer>

  &NBSP; < modules runAllManagedModulesForAllRequests =" true" />

  &NBSP; < directoryBrowse enabled =" true" />

  < /system.webServer>



< / configuration>



4.最后重新启动网络服务。$


当我在服务器端浏览服务时，它请求输入用户名和密码，然后插入它们，然后出现服务列表。但是当我从结果列表中选择Charge.svc时，我在IE中得到以下错误：
$


主机上配置的身份验证方案（'Basic'）不允许这些在绑定'BasicHttpBinding'（'Negotiate'）上配置。 请确保将SecurityMode设置为Transport或TransportCredentialOnly。 此外，可以通过IIS管理工具，通过ServiceHuthentication身份，在< serviceAuthenticationManager>的应用程序配置文件中更改此应用程序的身份验证方案来解决这个问题。
元素，通过更新绑定上的ClientCredentialType属性，或通过调整HttpTransportBindingElement上的AuthenticationScheme属性。



我搜索互联网并测试很多方法但我找不到任何解决方案。我想念哪一步？请帮助。

Hello everyone,
I have a WCF service which has about 10 .*svc services. I decide to enable security on this service the I do below steps:
1. define an user in host server that service hosted on it and grant full access to services directory to that user.
2. in IIS select that service and disable Anonymous Authentication and enable basic Authentication.
3. and change web.config as below(bold lines added):

  <?xml version="1.0"?>
  <configuration>

  <connectionStrings>
  </connectionStrings>

  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
    <add key="APK_Version_Code" value="16" />
    <add key="APK_Version_Name" value="1.8.6" />
    <add key="Maintenance_Mode" value="false" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5.2" />
    <httpRuntime targetFramework="4.5.2"/>
    <authentication mode="Windows"></authentication>
  </system.web>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding>
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    
    <services>
      <service behaviorConfiguration="DokkanService.ChargeBehavior" name="DokkanService.Charge">
        <endpoint address="" binding="basicHttpBinding"  contract="DokkanService.ICharge">
          <identity>
            <dns value="localhost"/>
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior>        
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>         
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>

        <behavior name="DokkanService.ChargeBehavior">
          <serviceMetadata httpGetEnabled="true"/>          
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
        
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
      <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <directoryBrowse enabled="true"/>
  </system.webServer>

</configuration>

4. finally restart web service.

When i browse service on server side it request for user name and password and I insert them, then the service list appears. but when I select Charge.svc from result list, I get bellow error in IE:

The authentication schemes configured on the host ('Basic') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate').  Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.  Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.

I search internet and test many ways but I cant find any solution. which step I miss? please help.

推荐答案

我发现问题，在IIS中禁用  基本身份验证并启用Windows  认证
来自该服务。

这篇关于在WCF中启用安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！