让WCF服务IntegratedWindowsAuthentication [英] Make Wcf Service IntegratedWindowsAuthentication
问题描述
我米得到以下错误,当我没设置Windows身份验证启用和匿名为禁用IIS中。
I m getting the following error when I did set the Windows Authentication enable and anonymous to disabled in IIS.
在主机上配置的身份验证方案 ('IntegratedWindowsAuthentication')不允许那些配置上 结合basicHttpBinding的(匿名)。请确保 SECURITYMODE设置为传输或TransportCredentialOnly。 此外,这可以通过改变认证解决 此应用程序通过IIS管理工具,通过方案 的ServiceHost.Authentication.AuthenticationSchemes属性,在 在应用配置文件 元件,通过更新ClientCredentialType属性上的 结合或通过调整AuthenticationScheme属性上的 HttpTransportBindingElement。
The authentication schemes configured on the host ('IntegratedWindowsAuthentication') do not allow those configured on the binding 'BasicHttpBinding' ('Anonymous'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
我的WCF服务的web.config如下:......
My Wcf Service's web.config is as follows...
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpointBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint binding="basicHttpBinding"
bindingConfiguration="BasicHttpEndpointBinding"
contract="Test.IService1" name="BasicHttpEndpoint" />
</client>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceAuthenticationManager
authenticationSchemes="IntegratedWindowsAuthentication"/>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpBinding" scheme="http" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
请指点。
推荐答案
在净4.0+, < STRONG>简体WCF配置 使用匿名配置时的配置没有明确在每个服务基础上设置的&lt;服务&GT;部分。如果您删除从名称=BasicHttpEndpointBinding的&lt;结合&GT;元素;如果你复制了&LT;结合&GT;元素没有name属性的新元素,它将成为默认情况下,匿名绑定你的WCF服务将使用。但至少你可以设置一个默认配置为不具有特定的配置集服务 - 在您需要服务,以及使用WCF服务,可能不是所有具有相同的配置,这是经常的情况下非常有用。默认的/匿名的概念也适用到&lt;行为&GT;元素。
In .Net 4.0+, Simplified WCF configuration uses the 'anonymous' configurations when configurations are not explicitly set on a per-services basis in the <services> section. If you remove the name="BasicHttpEndpointBinding" from the <binding> element, or if you duplicate that <binding> element as a new element with no name attribute, it will become the default, anonymous binding that your WCF services will use. This is often useful in cases where you need to serve as well as consume WCF services that may not all have the same config - but at least you can set a default config for the services that do not have a specific config set. The default/anonymous concept is also applicable to <behavior> elements.
<bindings>
<basicHttpBinding>
<binding> <!--Notice, no name attribute set-->
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
另外,我想补充一点,如果你的WCF服务要求身份验证,这意味着你要么需要使用真正的用户帐户来使用该服务,或者您需要授予该服务的域\ CLIENTCOMPUTERNAME $帐户访问 - 所以,也许对许多人来说,正确的解决方案可能是改变配置,而不是允许匿名访问(这是不是我的答案讨论)。不过,我有时竟选择与Windows(Kerberos的)身份验证确保我的WCF服务。
Also, I might add that if your WCF services require authentication, this means that you will either need to consume the service using a real user account, or you will need to grant the the DOMAIN\CLIENTCOMPUTERNAME$ account access to the service - so, perhaps the proper solution for many people may be to alter the configuration to instead allow anonymous access (which is not discussed in my answer). Still, I do sometimes actually elect to secure my WCF services with Windows (Kerberos) authentication.
这篇关于让WCF服务IntegratedWindowsAuthentication的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
