WCF服务集成Windows认证如何实现?

内容来源于 Stack Overflow,并遵循CC BY-SA 3.0许可协议进行翻译与使用

  • 回答 (2)
  • 关注 (0)
  • 查看 (23)

当我设置了Windows身份验证启用和匿名在IIS中禁用时,我遇到以下错误。

The authentication schemes configured on the host ('IntegratedWindowsAuthentication') do not allow those configured on the binding 'BasicHttpBinding' ('Anonymous'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.

我的WCF服务的web.config如下

<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5"/>
  </system.web>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpEndpointBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint binding="basicHttpBinding" 
        bindingConfiguration="BasicHttpEndpointBinding"
        contract="Test.IService1" name="BasicHttpEndpoint" />
    </client>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceAuthenticationManager 
             authenticationSchemes="IntegratedWindowsAuthentication"/>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
        <add binding="basicHttpBinding" scheme="http" />
    </protocolMapping>    
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"
         multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <directoryBrowse enabled="true"/>
  </system.webServer>
</configuration>
提问于
用户回答回答于

加上这个对我有用。

        <bindings>
        <webHttpBinding>
            <binding>
                <security mode="TransportCredentialOnly">
                    <transport clientCredentialType="Windows" />
                </security>
            </binding>
        </webHttpBinding>
    </bindings>
用户回答回答于

在.Net 4.0+中,简化的WCF配置使用“匿名”配置,而不是在<services>部分中的每个服务基础上明确设置配置。如果从<binding>元素中删除name =“BasicHttpEndpointBinding”,或者如果将该<binding>元素作为不带name属性的新元素复制,它将成为WCF服务将使用的默认匿名绑定。在需要服务和使用可能不都具有相同配置的WCF服务的情况下,这通常很有用 - 但至少可以为没有特定配置集的服务设置默认配置。默认/匿名概念也适用于<behavior>元素。

<bindings>
  <basicHttpBinding>
    <binding> <!--Notice, no name attribute set-->
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

此外,如果WCF服务需要身份验证,这意味着需要使用真实用户帐户使用该服务,否则需要授予该服务的DOMAIN \ CLIENTCOMPUTERNAME $帐户访问权限 - 因此,也许许多人适当的解决方案可能是改变配置,而不是允许匿名访问(这在我的答案中没有讨论)。不过,我有时确实选择通过Windows(Kerberos)身份验证来保护我的WCF服务。

扫码关注云+社区