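How can I get my console application to connect to an IIS-hosted WCF service when Basic and/or Windows authentication is turned on and anonymous authentication is turned off?
The site is internal and strict security is not required. There is no domain controller. However, I need to turn anonymous access off.
I have searched for days and tried many approaches, including using self-hosted certificates and overriding certificate validation, overriding UserNameValidator, and using client.ClientCredentials.Windows.ClientCredentials.UserName or client.ClientCredentials.UserName.UserName. None of these worked.
I would be very glad if someone could look at and run the code and help me get the sample running with authentication.
I have taken the liberty of uploading a sandbox solution containing the HostWebSite, ClientConsole and API projects.
I hosted the zip file on Windows:Authentication.zip
Some minor setup steps.
Added HostWebSite project root in 127.0.0.1 hostwebsite.local
- Binding: hostwebsite.local
- Application pool: Classic 4.0 app pool
Everyone read access to the HostWebSite project directory.
http://hostwebsite.local/services/EchoService.svc
Thanks
For the benefit of readers, I have included the code snippets here.
Project: API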
namespace API.Contract
{
    [ServiceContract]
    public interface IEcho
    {
        [OperationContract]
        string SendEcho(string message);
    }
}
namespace API.Proxy
{
    public class EchoProxy : IEcho
    {
        public string SendEcho(string message)
        {
            return string.Concat("You said: ", message);
        }
    }
}
namespace API.Service
{
    [System.Diagnostics.DebuggerStepThroughAttribute()]
    [System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0")]
    public class EchoService : System.ServiceModel.ClientBase<IEcho>, IEcho
    {
        public EchoService()
        {
        }
        public EchoService(string endpointConfigurationName) :
            base(endpointConfigurationName)
        {
        }
        public EchoService(string endpointConfigurationName, string remoteAddress) :
            base(endpointConfigurationName, remoteAddress)
        {
        }
        public EchoService(string endpointConfigurationName, System.ServiceModel.EndpointAddress remoteAddress) :
            base(endpointConfigurationName, remoteAddress)
        {
        }
        public EchoService(System.ServiceModel.Channels.Binding binding, System.ServiceModel.EndpointAddress remoteAddress) :
            base(binding, remoteAddress)
        {
        }
        public string SendEcho(string message)
        {
            return base.Channel.SendEcho(message);
        }
    }
}
Project: ClientConsole
static void Main(string[] args)
{
    EchoService client = new EchoService("WSHttpBinding_IEcho");
    try
    {
        Console.WriteLine(client.SendEcho("Hello World"));
        client.Close(); // I tried putting this in the finally block, but it said the client would close in an errored state.
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
    finally
    {
    }
    Console.WriteLine("Press any key to exit.");
    Console.ReadKey();
}
Client config
<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding_IEcho" closeTimeout="00:01:00" openTimeout="00:01:00"
                receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
                transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                allowCookies="false">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                <reliableSession ordered="true" inactivityTimeout="00:10:00"
                    enabled="false" />
                <security mode="Message">
                    <transport clientCredentialType="Windows" proxyCredentialType="None"
                        realm="" />
                    <message clientCredentialType="Windows" negotiateServiceCredential="true"
                        algorithmSuite="Default" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://hostwebsite.local/Services/EchoService.svc/services/EchoService.svc"
            binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IEcho"
            contract="API.Contract.IEcho" name="WSHttpBinding_IEcho">
            <identity>
                <servicePrincipalName value="host/mikev-ws" />
            </identity>
        </endpoint>
    </client>
</system.serviceModel>
Project: HostWebSite
<system.serviceModel>
    <!-- SERVER -->
    <behaviors>
        <serviceBehaviors>
            <behavior name="MyServiceTypeBehaviors">
                <serviceMetadata httpGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <services>
        <service name="API.Proxy.EchoProxy" behaviorConfiguration="MyServiceTypeBehaviors">
            <endpoint address="/services/EchoService.svc" binding="wsHttpBinding" contract="API.Contract.IEcho" />
            <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"/>
        </service>
    </services>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
Posted on 2011-03-29 06:39:38
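Are you really looking at message-level security? From the description, it appears that you need transport-level security (from IIS). For that, you have to get the client configuration file right. For example,
<binding ...
    ...
    <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
        ...
This will ensure integrated Windows authentication: the current Windows user running the client will be used for authentication. For NTLM/Basic authentication, you need to supply the user name/password from code, for example,
<binding ...
    ...
    <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
And in code,
EchoService client = new EchoService("WSHttpBinding_IEcho");
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(userName, pwd);
EDIT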
To use basic authentication over the HTTP protocol, you also have to configure it on the server side. For example,
<system.serviceModel>
    <!-- SERVER -->
    <bindings>
        <basicHttpBinding>
            <binding name="NewBinding">
                <security mode="TransportCredentialOnly">
                    <transport clientCredentialType="Basic" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    ...
    <services>
        <service name="API.Proxy.EchoProxy" ...
            <endpoint binding="basicHttpBinding" bindingConfiguration="NewBinding" contract="API.Contract.IEcho" />
            ...
See this article for more information. By the way, you may want to consider the HTTPS scheme, because basic transmits the password in plain text.
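The following is an added example, not code from the original question or answer: a client that builds the transport-authenticated binding in code, puts the credentials where WCF reads them for each scheme (ClientCredentials.UserName for Basic, ClientCredentials.Windows for NTLM/Windows), and refuses Basic over plain HTTP. The class name EchoClientSample, the https:// address, the account name svc-user and the ECHO_PASSWORD environment variable are assumptions, and the server endpoint is assumed to use a matching basicHttpBinding.

```csharp
using System;
using System.Net;
using System.ServiceModel;

[ServiceContract]
public interface IEcho   // contract from the question, repeated so the sample compiles alone
{
    [OperationContract]
    string SendEcho(string message);
}

public static class EchoClientSample   // hypothetical name
{
    // Builds a channel factory for IIS transport-level authentication.
    public static ChannelFactory<IEcho> Create(Uri address, HttpClientCredentialType type,
                                               string user, string password)
    {
        bool https = address.Scheme == Uri.UriSchemeHttps;
        // Basic sends base64(user:password) with every request, so require TLS for it.
        if (type == HttpClientCredentialType.Basic && !https)
            throw new InvalidOperationException("Basic authentication requires an https:// address.");

        var binding = new BasicHttpBinding(https
            ? BasicHttpSecurityMode.Transport                 // TLS plus HTTP authentication
            : BasicHttpSecurityMode.TransportCredentialOnly); // HTTP authentication, no TLS
        binding.Security.Transport.ClientCredentialType = type;

        var factory = new ChannelFactory<IEcho>(binding, new EndpointAddress(address));
        if (type == HttpClientCredentialType.Basic)
        {
            // Basic credentials are taken from ClientCredentials.UserName.
            factory.Credentials.UserName.UserName = user;
            factory.Credentials.UserName.Password = password;
        }
        else if (user != null)
        {
            // NTLM/Windows with an explicit account; leave unset to use the current Windows user.
            factory.Credentials.Windows.ClientCredential = new NetworkCredential(user, password);
        }
        return factory;
    }

    public static void Main()
    {
        // Placeholder address and account; the password is read from the environment.
        var factory = Create(new Uri("https://hostwebsite.local/services/EchoService.svc"),
            HttpClientCredentialType.Basic, "svc-user", Environment.GetEnvironmentVariable("ECHO_PASSWORD"));
        var channel = (IClientChannel)factory.CreateChannel();
        try { Console.WriteLine(((IEcho)channel).SendEcho("Hello World")); channel.Close(); factory.Close(); }
        catch (Exception ex) { Console.WriteLine(ex.Message); channel.Abort(); factory.Abort(); } // Abort a faulted channel instead of Close
    }
}
```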
https://stackoverflow.com/questions/5468323