WCF - How to configure netTcpBinding for NTLM authentication?


Question


I know how to configure basicHttpBinding for NTLM authentication, but can't figure out a way to do the same for netTcpBinding.

Does netTcpBinding support NTLM? If so, how to force WCF service to use NTLM?

BTW, a well-known method using the identity element for some reason didn't work at all. I am looking for something like this - clientCredentialType="Ntlm" - but for TCP. Here is the basicHttp setting:

<basicHttpBinding>
  <binding name="BasicHttpBinding">
    <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Ntlm"/>
    </security>
  </binding>
</basicHttpBinding>

Solution

Here is the comprehensive answer that I finally found, tested, and confirmed.

A. My WCF client used to build an Endpoint.Address dynamically as follows:

EndpointAddress myEndpointAddress = new EndpointAddress(stringURL);

But in the case of a secure transport (net.tcp) it has to be initialized as follows:

EndpointAddress myEndpointAddress = new EndpointAddress(new Uri(stringURL), myEndpointIdentity);

Without the EndpointIdentity parameter, the Identity property in the EndpointAddress object is null, which generates the "...target principal name is incorrect..." error on the server side.

B. Our domain controller supports both Kerberos and NTLM authentication. After the above is done, there are generally four configuration scenarios on the client side for the net.tcp binding if security is other than "None" and the WCF service runs as a domain account:

  1. No <identity> element specified in the client endpoint - WCF call fails.

  2. <identity> element provided, but with an empty value for the dns, userPrincipalName or servicePrincipalName elements - WCF call successful, but uses NTLM authentication.

  3. <identity> element provided with a value for dns or SPN - WCF call successful; service uses NTLM to authenticate.

  4. <identity> element provided with the correct value for upn - WCF call successful; service uses Kerberos to authenticate. An incorrect or missing value for upn triggers NTLM authentication.

Thanks.
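The following is an added example, not code from the original answer: a self-hosted probe that builds the client `EndpointAddress` with a UPN identity (scenario 4) and has the service report which protocol actually authenticated the caller, so a silent fallback from Kerberos to NTLM becomes visible. The contract `IAuthProbe`, the URI and the UPN `svc-wcf@corp.example` are hypothetical placeholders; it assumes .NET Framework with a reference to System.ServiceModel.

```csharp
using System;
using System.ServiceModel;

[ServiceContract]
public interface IAuthProbe            // hypothetical contract for this example
{
    [OperationContract]
    string NegotiatedProtocol();
}

public class AuthProbe : IAuthProbe
{
    // Server side: the Windows identity of the caller records the protocol
    // that authenticated it (for example "Kerberos" or "NTLM").
    public string NegotiatedProtocol()
    {
        return ServiceSecurityContext.Current.WindowsIdentity.AuthenticationType;
    }
}

public static class Program
{
    // Same binding on both sides: transport security with Windows credentials.
    static NetTcpBinding SecureTcp()
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        return binding;
    }

    public static void Main()
    {
        var uri = new Uri("net.tcp://localhost:9000/probe");        // placeholder address
        using (var host = new ServiceHost(typeof(AuthProbe)))
        {
            host.AddServiceEndpoint(typeof(IAuthProbe), SecureTcp(), uri);
            host.Open();

            // Scenario 4: identity carries the UPN of the account the service runs as.
            // Swap in CreateSpnIdentity / CreateDnsIdentity to compare scenarios 2 and 3.
            var identity = EndpointIdentity.CreateUpnIdentity("svc-wcf@corp.example"); // placeholder UPN
            var address = new EndpointAddress(uri, identity);

            var factory = new ChannelFactory<IAuthProbe>(SecureTcp(), address);
            IAuthProbe proxy = factory.CreateChannel();
            Console.WriteLine("Authenticated via: " + proxy.NegotiatedProtocol());
            factory.Close();
        }
    }
}
```

Logging the same `AuthenticationType` value in a production service gives a record of which clients are still authenticating with NTLM.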
