在Linux机器上运行C#应用程序时,SOAP身份验证失败 [英] SOAP authentication fails when running a c# app on a linux box
问题描述
我正在尝试通过c#应用程序连接到第三方SOAP服务。在Windows机器上运行应用程序时,以下代码有效:
I'm trying to connect to a third-party SOAP service via a c# app. The following code works when running the app on a Windows machine:
var ws = new MyWebServiceClient();
ws.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("myusername", "mypassword", "mydomain");
var response = ws.SomeEndpoint();
Element xmlResult = response.Result.SomeEndpoint;
...
但是如果我运行相同的代码在Linux或Mac OS上,它会失败,并显示以下信息:
But if I run the same code from Linux or Mac OS, it fails with:
HTTP请求未经客户端身份验证方案'Negotiate'的授权。从服务器收到的身份验证标头是协商,NTLM。
我有一个Python应用程序,在运行时可以使用相同的SOAP服务在任何操作系统上都没有遇到问题,因此问题不在我的linux发行版/设置中。
I have a python app that can consume that same SOAP service when running on any operating system without running into issues, so the problem isn't in my linux distribution/setup.
有人见过吗.NET核心有类似问题还是找到了解决方法?
我发现此问题报告指出,早期版本的.NET Core具有局限性/错误,可能会导致与我所看到的行为类似的行为,但它声称这些问题已在RC2之后得到解决。
I found this issue report that suggests that the earlier versions of .NET core had limitations/bugs that could cause behavior similar to what I'm seeing, but it claims that those issues were resolved after RC2.
假定问题报告错误并且问题仍然存在于Linux / Mac发行版中。 NET核心,有人知道我如何获得与 SOAP 客户端一起使用的该文章中建议的 CredentialCache 解决方法吗?我是.NET的新手,而.NET soap客户端的新手是 super ,所以我很抱歉这是一个天真的问题。
Assuming that issue report is wrong and that the issue still remains in the Linux/Mac distribution of .NET core, does anyone know how I can get the CredentialCache workaround, suggested in that article, working with a SOAP client? I'm pretty new to .NET and super new to .NET soap clients, so I apologize if that's a naive question.
看来,对于非Windows系统,.net核心在协商失败后无法尝试NTLM。我从python应用程序知道NTLM可以使用此特定的SOAP服务。 如何强制其跳过协商并直接转到NTLM?看来,这就是上面的 CredentialCache 解决方法文章,正在做。我只是不知道如何使它与SOAP服务一起使用...
It seems that, for non-Windows, .NET core is failing to attempt NTLM after Negotiate fails. I know, from the python app, that NTLM works with this particular SOAP service. How can I force it to skip "Negotiate" and and go straight to NTLM? It seems that that is what the CredentialCache workaround, from the above article, is doing. I just can't figure out how to make that work with a SOAP service...
推荐答案
.Net Core SOAP客户端NTLM身份验证和凭据缓存
BasicHttpBinding basicHttpBinding = new BasicHttpBinding();
basicHttpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
EndpointAddress endpoint = new EndpointAddress("http://myservice");
var factory = new ChannelFactory<IMyService>(basicHttpBinding, endpoint);
CredentialCache myCredentialCache = new CredentialCache();
NetworkCredential myCreds = new NetworkCredential("username", "password", "domain");
myCredentialCache.Add("ContoscoMail", 45, "NTLM", myCreds);
factory.Credentials.Windows.ClientCredential =
myCredentialCache.GetCredential("ContosoMail", 45, "NTLM");
var client = factory.CreateChannel();
// ... use the webservice
更新:这是一个错误已在2.1中修复
已遇到此处并已作为错误此处修复,它应与.net core一起使用2.1(未发布且未计划在 Q1 2018 中使用)。
因此,现在,从Linux连接时,您应该尝试使用另一种身份验证(请参见 RuntimeInformation.IsOSPlatform )。
Update: it's a bug fixed in 2.1
As already encountered here and fixed as a bug here, it should work with .net core 2.1 (not released and scheduled for Q1 2018).
So right now, you should try to use another type of authentication when connecting from Linux (look at RuntimeInformation.IsOSPlatform).
这篇关于在Linux机器上运行C#应用程序时,SOAP身份验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
