WCF无法与Windows身份验证一起使用 [英] WCF not working with windows authentication
问题描述
我正在将WCF服务与HTTP端点一起使用.它可以与匿名身份验证一起正常工作.更改为Windows身份验证后,我收到此错误:
I am using WCF service with HTTP end point. it works fine with annonymous authentication. after changing to windows authentication, i am getting this error:
我正在通过IIS 5.1托管wcf.
I am hosting wcf through IIS 5.1.
这是我的服务器绑定安全性:
Here is my server binding security:
< wsHttpBinding >
<wsHttpBinding>
< 绑定 名称 = " wsHttpBinding1 " closeTimeout = " 00:10:00 " openTimeout = " 00:10:00 " receiveTimeout = " 00:10:00 " sendTi meout = " 00:10: 00 " transactionFlow = " 否 " hostNameComparisonMode = " StrongWildcard " <字体color =#0000ff" size = 2> maxBufferPoolSize = " 524288 " maxReceivedMessageSize = " 字体> <字体颜色=#0000ff" si ze = 2> 5000000 " >
<binding name="wsHttpBinding1" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="5000000">
< readerQuotas maxDepth = " 32 " maxStringContentLength = " 8192 " maxArrayLength = " 6000000 " <字体color =#0000ff" size = 2> maxBytesPerRead = " 4096 " maxN ameTableCharCount = " 16384 " />
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="6000000" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
< reliableSession 已订购 = " true " inactivityTimeout = " 00:10:00 " 已启用 = " false " />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
< 安全性 模式 = " 消息 " >
<security mode="Message">
< 消息 clientCredentialType = " Windows " negotiateServiceCredential = " true " 建立SecurityContext = " true " <字体color =#0000ff" size = 2>/>
<message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" />
</ 安全性 >
</security>
</ 绑定 >
</binding>
</ wsHttpBinding >
和我的客户:
< wsHttpBinding >
<wsHttpBinding>
< 绑定 名称 = " w SHttpBinding1 " closeTimeout = " 00:10:00 " openTimeout = &; 00:10:00 " receiveTimeout = " 00:30:00 " sendTi meout = " 00:10: 00 " bypassProxyOnLocal = " 否 " transactionFlow = " false " <字体color =#0000ff" size = 2> hostNameComparisonMode = " StrongWildcard " maxBufferPoolSize = " 字体> 524288 " maxReceivedMessageSize = " 9000000 " messageEncoding = " 文本 " <字体颜色=#0000ff" size = 2> <字体颜色=#ff0000" size = 2> textEncoding <字体颜色=#0000ff" size = 2> = " utf-8 " useDefaultWebProxy = " true " <字体color =#ff0000" size = 2> allowCookies = " 否 " >
<binding name="wSHttpBinding1" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:30:00" sendTimeout="00:10:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="9000000" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
< readerQuotas maxDepth = " 32 " maxStringContentLength = " 8192 " maxArrayLength = " 600000 " <字体color =#0000ff" size = 2> maxBytesPerRead = " 4096 " maxNa meTableCharCount = " 16384 " />
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="600000" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
< reliableSession 已订购 = " true " inactivityTimeout = " 00:10:00 " 已启用 = " false " />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
< 安全性 模式 = " 消息 " >
<security mode="Message">
< 消息 clientCredentialType = " Windows " negotiateServiceCredential = " 否 " algorithmSuite = " 默认 " <字体颜色=#0000ff" size = 2> <字体颜色=#ff0000" size = 2>建立SecurityContext <字体颜色=#0000ff" size = 2> = " 否 " />
<message clientCredentialType="Windows" negotiateServiceCredential="false" algorithmSuite="Default" establishSecurityContext ="false"/>
</ 安全性 >
</security>
</ 绑定 >
</binding>
</ wsHttpBinding >
</wsHttpBinding>
我也以身份指定了spn:
I have specified spn in identity as well:
< 端点 地址 = http://localhost/test/test.svc 绑定 = " wsHttpBinding " > bindingConfiguration = " w SHttpBinding1 " 合约 = " ; test .Itest " 名称 = &; WSHttpBinding_Itest " ; >
<endpoint address=http://localhost/test/test.svc binding="wsHttpBinding" bindingConfiguration="wSHttpBinding1" contract="test.Itest" name="WSHttpBinding_Itest">
< 身份 >
<identity>
< servicePrincipalName 值 = " HOST/mypcname " />
<servicePrincipalName value ="HOST/mypcname"/>
</ 身份 >
</identity>
</ 端点 >
</endpoint>
有什么想法吗?
在IIS中托管我的服务时的spn是什么?我已经安装了setspn.exe并检查了安装在我电脑中的有效spn是:
What will be the spn while hosting my service in IIS? i ahave installed setspn.exe and checked that the valid spn installed in my pc are :
1. SMTPSVC/我的PC名称和域名
1. SMTPSVC/my pc name with domain name
2. SMTPSVC/我的电脑名称
2. SMTPSVC/my pc name
3.主机/我的PC名称和域名
3. HOST/my pc name with domain name
4.主机/我的电脑名称
4. HOST/my pc name
我应该为我的服务注册单独的SPN吗?请帮忙.
Should I register separate SPN for my service? Please help.
谢谢.
推荐答案
您的怀疑是正确的,您需要注册SPN.
Your suspicion is correct you need to register the SPN.
这是一个很好的链接.
http://blogs.technet.com /authentication/
这篇关于WCF无法与Windows身份验证一起使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!