我有一个关于通过IIS上托管的HTTP流量对域帐户进行WCF授权的问题(没有生产,因此没有ssl证书可用于互联网)
我想知道如何设置从客户端到我的web服务的windows身份验证。目前我正在同一个局域网上测试,所以代理不是问题
我在这篇文章的末尾列出了一个尝试的步骤列表
编辑:发生的错误只是访问被拒绝,没有其他内容尝试,在客户端应用程序中捕获。如果有办法获得更详细的信息,请告诉我,我会把结果添加到帖子中。
WCF服务代码:
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Single, IncludeExceptionDetailInFaults = true)]
public class Data : IData
{
[PrincipalPermission(SecurityAction.Demand, Role=@"Administrators")]
public List<Incident> GetCases()
{
Queries query = new Queries();
List<Incident> iList = query.CallCases();
return iList;
}
}
WCF Web配置绑定:
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="None">
<message clientCredentialType="Windows" algorithmSuite="Default"/>
</security>
</binding>
</wsHttpBinding>
WCF Web配置行为:
<behavior name="Behaviour1">
<serviceMetadata httpGetEnabled="true" httpGetUrl=""/>
<serviceDebug includeExceptionDetailInFaults="true" />
<useRequestHeadersForMetadataAddress>
<defaultPorts>
<add scheme="http" port="9577" /> ///This port is correct
</defaultPorts>
</useRequestHeadersForMetadataAddress>
</behavior>
WCF Web配置服务:
<service behaviorConfiguration="Behaviour1" name="WebService1.Data">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WebService1.IData">
<identity>
<dns value="demo.DomainName.co.uk" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
客户端应用程序(已添加服务参考)
DataClient client = new DataClient();
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
PrincipalPermission principalPerm = new PrincipalPermission(null, "Administrators");
principalPerm.Demand();
Console.WriteLine("Demand succeeded.");
client.ClientCredentials.Windows.ClientCredential.Domain = "Domain Name";
client.ClientCredentials.Windows.ClientCredential.UserName = "User Account";
client.ClientCredentials.Windows.ClientCredential.Password = "Password";
//client.ClientCredentials.UserName.UserName = @"UserAccount@domain.com";
//client.ClientCredentials.UserName.Password = "Password";
//client.ClientCredentials.UseIdentityConfiguration = true;
try
{
List<Incident> cases = client.GetCases().ToList();
foreach (Incident Inc in cases)
{
Console.WriteLine(Inc.CaseID);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
尝试的解决方案:
- 使用域和本地用户
- 将客户端凭据类型修改为基本、NTLM和Windows
- 使用将IIS设置为使用
- IIS已启用基本身份验证和Windows身份验证
如果您需要更多信息,请随时询问。
感谢您为提供的任何帮助
@Tim为我指明了正确的方向,这就是解决方案:
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Message">
<message clientCredentialType="Windows" algorithmSuite="Default"/>
</security>
</binding>
</wsHttpBinding>
因为我没有SSL证书,我需要将安全模式设置为Message,所以我很困惑,因为大多数人都使用SSL进行测试,这也需要传输安全性。我将其设置为None进行测试。
感谢Tim 的帮助