Windows身份验证在Firefox或iOS Safari上不提示 [英] Windows Authentication not prompting on Firefox or iOS Safari
问题描述
我有两个WCF WebHttpBinding绑定的自承载服务。一个设置为 WebHttpSecurityMode.TransportCredentialOnly 和 HttpClientCredentialType.Windows 。另一个设置为无和无。
I have two WCF WebHttpBinding-bound self-hosted services. One is set to WebHttpSecurityMode.TransportCredentialOnly and HttpClientCredentialType.Windows. The other is set to None and None.
此服务正在为Chrome和IE上正确的身份验证提示行为提供服务,并提供正确的内容类型和内容。在localhost和远程(不在域上)进行测试。在IE中,集成身份验证的默认设置会将我的凭据立即发送到经过身份验证的服务。在Chrome中,默认设置会提示我输入Windows身份验证凭据。
This service is serving the exactly the intended authentication prompt behavior on Chrome and IE, with correct content types and content. Testing on localhost and remotely (not on a domain). In IE, the default settings for integrated authentication send my credentials immediately to the authenticated service. In Chrome, the default settings prompt me for my windows authentication credentials.
但是在Firefox中我没有提示 - 只是Firebug中的错误 401未授权,否则为空白页。我假设iOS有相同的 401 Unauthorized 问题,虽然调试器控制台没有显示任何错误 - 我只是得到一个空白页。
But in Firefox I get no such prompt - just an error in Firebug of 401 Unauthorized and a blank page otherwise. I assume iOS has the same 401 Unauthorized problem, although the debugger console doesn't show any errors - I just get a blank page.
我不知道WCF WebHttpBinding与标准的IIS托管网站的相关性,但我发现的所有其他谷歌是有人试图停止Windows Auth提示,以支持非安全模式-IE浏览器。
I don't know how relevant the WCF WebHttpBinding is versus a standard IIS-hosted website, but all the other googles I find are about someone trying to STOP the Windows Auth prompt in favor of Integrated Security mode in non-IE browsers. I kind of have the opposite problem - it's not showing up for me.
Firefox和Safari对Chrome和IE敏感的Web服务响应有一些细微差别不敏感?
Is there something nuanced about the webservice response that Firefox and Safari are sensitive to that Chrome and IE are not sensitive to?
我在Windows 8上使用IE 10和其他浏览器的最新版本进行测试。
I'm testing on Windows 8 with IE 10 and the latest releases of the other browsers at the time of writing.
谢谢!
如果我将它设置为 HttpClientCredentialType.NTLM 。但是我理解它,NTLM不允许更安全的Kerberos域凭据(如果它们可用)。
If I set it to HttpClientCredentialType.NTLM then all browsers work. But as I understand it, NTLM disallows the more secure Kerberos domain credentials (if they're available). I don't want to force a less-secure option!
推荐答案
Kerberos适用于IE,因为Chrome与IE共享内容,它也适用于Chrome。对于Firefox,您必须启用它。请参见此处。 Mac OS上的Safari应该可以正常工作,但不能确定其他操作系统。
Kerberos works well with IE and since Chrome shares stuff with IE, it works for Chrome too. For Firefox, you have to enable it. See here. Safari on Mac OS should work but not sure about other OS'.
这篇关于Windows身份验证在Firefox或iOS Safari上不提示的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
