C# 使 Wcf 服务集成 Windows 身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15264969/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Make Wcf Service IntegratedWindowsAuthentication
提问by user214471
I m getting the following error when I did set the Windows Authentication enable and anonymous to disabled in IIS.
当我在 IIS 中将 Windows 身份验证启用和匿名设置为禁用时,出现以下错误。
The authentication schemes configured on the host ('IntegratedWindowsAuthentication') do not allow those configured on the binding 'BasicHttpBinding' ('Anonymous'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
在主机上配置的身份验证方案 ('IntegratedWindowsAuthentication') 不允许在绑定 'BasicHttpBinding' ('Anonymous') 上配置的那些。请确保将 SecurityMode 设置为 Transport 或 TransportCredentialOnly。此外,这可以通过以下方式解决:通过 IIS 管理工具、ServiceHost.Authentication.AuthenticationSchemes 属性、元素的应用程序配置文件中、更新绑定上的 ClientCredentialType 属性或调整HttpTransportBindingElement 上的 AuthenticationScheme 属性。
My Wcf Service's web.config is as follows...
我的 Wcf 服务的 web.config 如下...
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpointBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint binding="basicHttpBinding"
bindingConfiguration="BasicHttpEndpointBinding"
contract="Test.IService1" name="BasicHttpEndpoint" />
</client>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceAuthenticationManager
authenticationSchemes="IntegratedWindowsAuthentication"/>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpBinding" scheme="http" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
Please advice..
请指教..
回答by Raju S Nair
<services>
<service name="Test.Service1" behaviorConfiguration="TestName">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding" contract="Test.IService1" />
</service>
</services>
It solved my problem.
它解决了我的问题。
回答by scradam
In .Net 4.0+, Simplified WCF configurationuses the 'anonymous' configurations when configurations are not explicitly set on a per-services basis in the <services> section. If you remove the name="BasicHttpEndpointBinding" from the <binding> element, or if you duplicate that <binding> element as a new element with no name attribute, it will become the default, anonymous binding that your WCF services will use. This is often useful in cases where you need to serve as well as consume WCF services that may not all have the same config - but at least you can set a default config for the services that do not have a specific config set. The default/anonymous concept is also applicable to <behavior> elements.
在 .Net 4.0+ 中,当在 <services> 部分中未在每个服务的基础上显式设置配置时,简化的 WCF 配置使用“匿名”配置。如果从 <binding> 元素中删除 name="BasicHttpEndpointBinding",或者如果将该 <binding> 元素复制为没有 name 属性的新元素,它将成为 WCF 服务将使用的默认匿名绑定。这在您需要服务和使用 WCF 服务的情况下通常很有用,这些服务可能并非都具有相同的配置 - 但至少您可以为没有特定配置集的服务设置默认配置。默认/匿名概念也适用于 <behavior> 元素。
<bindings>
<basicHttpBinding>
<binding> <!--Notice, no name attribute set-->
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
Also, I might add that if your WCF services require authentication, this means that you will either need to consume the service using a real user account, or you will need to grant the the DOMAIN\CLIENTCOMPUTERNAME$ account access to the service - so, perhaps the proper solution for many people may be to alter the configuration to instead allow anonymous access (which is not discussed in my answer). Still, I do sometimes actually elect to secure my WCF services with Windows (Kerberos) authentication.
另外,我可能会补充一点,如果您的 WCF 服务需要身份验证,这意味着您要么需要使用真实用户帐户使用该服务,要么需要授予 DOMAIN\CLIENTCOMPUTERNAME$ 帐户访问该服务的权限 - 因此,也许对许多人来说,正确的解决方案可能是更改配置以允许匿名访问(我的回答中未讨论)。尽管如此,我有时确实会选择使用 Windows (Kerberos) 身份验证来保护我的 WCF 服务。
回答by Chris Schiffhauer
Like the other answers, I needed to update the binding in my Web.config to this:
像其他答案一样,我需要将 Web.config 中的绑定更新为:
<basicHttpBinding>
<binding name="basicHttpBindin1">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
But I also needed to update my binding's instantiation:
但我还需要更新我的绑定实例:
var binding = new BasicHttpBinding { MaxReceivedMessageSize = 1000000, ReaderQuotas = { MaxDepth = 200 } };
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
回答by Rian
Adding this worked for me.
添加这个对我有用。
<bindings>
<webHttpBinding>
<binding>
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
</bindings>
回答by GunnarS
I got this error when updating from .NET 4.0 to .NET 4.5.2. I changed the clientCredentialType from
从 .NET 4.0 更新到 .NET 4.5.2 时出现此错误。我改变了 clientCredentialType 从
<security mode="TransportCredentialOnly">
<transport clientCredentialType="None"/>
</security>
to
到
<security mode="TransportCredentialOnly">
<transport clientCredentialType="InheritedFromHost"/>
</security>
However, setting clientCredentialType="Windows" works equally well.
但是,设置 clientCredentialType="Windows" 同样有效。
回答by Kevin Raffay
I had add a webHttpBinding and point my endpoint to that, which the security settings needed to work. Without that my endpoint used the default WCF config bindings:
我添加了一个 webHttpBinding 并将我的端点指向它,安全设置需要工作。如果没有,我的端点使用了默认的 WCF 配置绑定:
<services>
<service behaviorConfiguration="ServiceBehavior" name="Service">
<endpoint address="" binding="webHttpBinding" contract="IService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<webHttpBinding>
<binding>
<!--Notice, no name attribute set-->
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
</bindings>
回答by QA Collective
I'm not entirely sure why, but when I added the 'Factory' attribute to my .SVC file (you need to explicitly drag it to Visual Studio), everything just works- without any changes to default settings in Web.config!
我不完全确定为什么,但是当我将“Factory”属性添加到我的 .SVC 文件时(您需要明确地将它拖到 Visual Studio),一切正常- Web.config 中的默认设置没有任何更改!
I added Factory="System.ServiceModel.Activation.WebServiceHostFactory"so my .SVC file went from this:
我添加了Factory="System.ServiceModel.Activation.WebServiceHostFactory"所以我的 .SVC 文件是这样的:
<%@ ServiceHost Language="C#" Debug="true" Service="ServiceNameSpace.ServiceName" CodeBehind="ServiceName.svc.cs" %>
<%@ ServiceHost Language="C#" Debug="true" Service="ServiceNameSpace.ServiceName" CodeBehind="ServiceName.svc.cs" %>
to this:
对此:
<%@ ServiceHost Language="C#" Debug="true" Service="ServiceNameSpace.ServiceName" CodeBehind="ServiceName.svc.cs" Factory="System.ServiceModel.Activation.WebServiceHostFactory" %>
<%@ ServiceHost Language="C#" Debug="true" Service="ServiceNameSpace.ServiceName" CodeBehind="ServiceName.svc.cs" Factory="System.ServiceModel.Activation.WebServiceHostFactory" %>
The only side effect seems to be that when you click on the .SVC file in the browser, you get an 'Endpoint not found' error, but the service works fine when you invoke it correctly anyway. As mentioned previously, I'm using a default Web.config with .NET 4.6 (Simplified WCF configuration), so I may yet need to add endpoint details for that to work again.
唯一的副作用似乎是当您在浏览器中单击 .SVC 文件时,您会收到“未找到端点”错误,但是当您正确调用它时,该服务仍能正常工作。如前所述,我将默认 Web.config 与 .NET 4.6(简化的 WCF 配置)一起使用,因此我可能还需要添加端点详细信息以使其再次工作。
回答by Khushi4.net
I had the same issue when consuming already existing WCF web URL. I tried all the answers mentioned here , but all in all finally only two things helped.
在使用现有的 WCF Web URL 时,我遇到了同样的问题。我尝试了这里提到的所有答案,但总而言之,最终只有两件事有所帮助。
- Changing the setting in "Turn windows Features on and off".
- 更改“打开和关闭 Windows 功能”中的设置。
Enabling Anonymous authentication along with Windows Authentication in Local IIS server.
在本地 IIS 服务器中启用匿名身份验证和 Windows 身份验证。
