HTTP请求是未经授权的客户端身份验证方案“NTLM” [英] The HTTP request is unauthorized with client authentication scheme 'Ntlm'
问题描述
在调用Web服务的出现以下错误:
HTTP请求是未经授权的客户端身份验证方案NTLM。从服务器接收的身份验证标头是'NTLM。 HTTP请求是未经授权的客户端身份验证方案NTLM。从服务器接收的身份验证标头是'NTLM。
我有一个Silverlight 4应用程序调用WCF Web服务,都在我的IIS(7)。 我的WCF Web服务调用另一个ASMX Web服务,安装不同的Web服务器上,使用NTLM(Windows身份验证)。 这两个服务器,我的,一个承载ASMX Web服务在同一个域。
在Silverlight客户端打开的服务器中使用 HTTP应用程序://本地主机/ MySiteName 一切工作正常。但是,当Silverlight客户端打开从不同的客户端,这是不是服务器,但仍然在同一个域中,使用应用程序的http:// MyServerName / MySiteName 然后我得到的错误。
Windows身份验证在我的IIS中启用。 匿名身份验证,在我的IIS中禁用。
绑定配置调用我的WCF的Web服务是:
<绑定名称=winAuthBasicHttpBinding>
<安全模式=TransportCredentialOnly>
<交通运输clientCredentialType =的Windows/>
< /安全>
< /装订>
绑定配置调用ASMX Web服务是:
<绑定名称=ClNtlmBinding>
<安全模式=TransportCredentialOnly>
<交通运输clientCredentialType =NTLM/>
< /安全>
< /装订>
确定,这里是进入脑海的事情:
- 您的WCF服务$ P $在IIS psumably运行,必须在安全性方面具有调用Web Service的权限下运行。你需要确保与用户是域用户的应用程序池 - 理想的专用用户
- 您不能使用模拟使用用户的安全令牌,因为
使用模拟传递回ASMX我WCF Web服务调用另一个ASMX Web服务,安装了一个** **不同的Web服务器上 - 尝试改变
NTLM到窗口并再次测试。
确定,模拟上几句话。 基本上它是你不能使用你得到了一个服务器的模拟令牌,传递到另一台服务器一个已知的问题。其原因似乎是,令牌是一种使用用户的密码和有效用于从这样生成的机器的哈希它不能被从中间服务器中使用的
更新
代表团是WCF下可能的(即转发模拟从服务器到另一台服务器)。看着这个主题这里。
While calling a web service I get the following error:
The HTTP request is unauthorized with client authentication scheme 'NTLM'. The authentication header received from the server was 'NTLM'. The HTTP request is unauthorized with client authentication scheme 'NTLM'. The authentication header received from the server was 'NTLM'.
I have a Silverlight 4 application that calls a WCF web service, both on my IIS (7). my WCF web service calls another ASMX web service, installed on a different web server, using NTLM (Windows Authentication). Both servers, mine and the one hosting the ASMX web service are in the same domain.
When the Silverlight client opens the application from the server using http://localhost/MySiteName everything works fine. But when the Silverlight client opens the application from a different client, which is not the server but still in the same domain, using http://MyServerName/MySiteName then I get the error.
Windows Authentication is enabled in my IIS. Anonymous Authentication is disabled in my IIS.
Binding configuration for calling my WCF web service is:
<binding name="winAuthBasicHttpBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
Binding configuration for calling the ASMX web service is:
<binding name="ClNtlmBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" />
</security>
</binding>
OK, here are the things that come into mind:
- Your WCF service presumably running on IIS must be running under the security context that has the privilege that calls the Web Service. You need to make sure in the app pool with a user that is a domain user - ideally a dedicated user.
- You can not use impersonation to use user's security token to pass back to ASMX using impersonation since
my WCF web service calls another ASMX web service, installed on a **different** web server - Try changing
NtlmtoWindowsand test again.
OK, a few words on impersonation. Basically it is a known issue that you cannot use the impersonation tokens that you got to one server, to pass to another server. The reason seems to be that the token is a kind of a hash using user's password and valid for the machine generated from so it cannot be used from the middle server.
UPDATE
Delegation is possible under WCF (i.e. forwarding impersonation from a server to another server). Look at this topic here.
这篇关于HTTP请求是未经授权的客户端身份验证方案“NTLM”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
