IIS7发布/放置/修补/删除WCF oData - 身份验证失败401.3 [英] IIS7 Post/Put/Patch/Delete WCF oData - Authentication Failure 401.3
问题描述
从IIS6迁移到IIS7后,使用WCF oData服务的所有站点在尝试发出Post / Put / Patch / Delete请求时都会提示输入凭据。在取消请求之前,将不断提示用户输入凭据。取消请求后,他们将从服务器收到 401.3 响应。
After migrating from IIS6 to IIS7, all sites using a WCF oData service would prompt for credentials when attempting to make Post/Put/Patch/Delete request. The user would be continually prompted for credentials until the cancelled the request. After cancelling the request, they would receive a 401.3 response from the server.
如果用户被授予修改权限在包含WCF oData服务的 * .svc 文件的文件夹上,然后授权他们使用这些动词发出请求。 Asp.Net模拟不打开。
If a user is granted modify permission on the folder containing the *.svc file for the WCF oData service they are then authorized to make requests with those verbs. Asp.Net impersonation is not turned on.
AppPool在服务帐户下运行Integrated .Net 4,对网站的文件夹具有修改权限/ files。
The AppPool is running Integrated .Net 4 under a service account with modify permissions to the site's folders/files.
更新:
看来这是设计的。授予 ServerName \Users 修改对 * .svc 的访问权限,确实解决了问题。 附录:具体来说,它看起来像域用户或经过身份验证的用户需要修改<$ c $的权利c> * .svc 。
Update:
It seems this is as designed. GrantingServerName\Users modify access to the *.svc, does resolve the issue. Addendum: Specifically, it looks like Domain Users or Authenticated Users needs modify rights to the *.svc.
最终更新:更改了措辞,使问题更加通用/易于寻找他人
推荐答案
这是设计的。如果禁用模拟,则NTFS ACL用于保护资源。我知道一开始看起来很奇怪,但有些想法会让你明白,鉴于这种特殊配置的限制,这是一种合理的方法。 MSDN上记录了此行为。
This is by design. If you disable impersonation, then NTFS ACLs are used to secure the resource. I know it seems odd at first, but some thought will lead you to an understanding that it is a reasonable approach given the constraints of this particular configuration. This behaviour is documented on MSDN.
这篇关于IIS7发布/放置/修补/删除WCF oData - 身份验证失败401.3的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
