C# 具有基本身份验证的Web引用失败
我有一个使用ApacheCXF创建的web服务,还有两个使用web引用(而不是服务引用)的.NET客户端。compact framework客户端可以工作,但.NET 4.0桌面客户端仅在与C# 具有基本身份验证的Web引用失败,c#,.net,web-services,cxf,basic-authentication,C#,.net,Web Services,Cxf,Basic Authentication,我有一个使用ApacheCXF创建的web服务,还有两个使用web引用(而不是服务引用)的.NET客户端。compact framework客户端可以工作,但.NET 4.0桌面客户端仅在与localhost对话时工作。以下是客户端设置: var client = new Permission.Permission(); client.Credentials = new NetworkCredential(username, password);
localhost
对话时工作。以下是客户端设置:
var client = new Permission.Permission();
client.Credentials = new NetworkCredential(username, password);
client.PreAuthenticate = true;
client.Url = url + "/Permission";
如果url
是http://localhost:8080/
调用成功,但如果是http://127.0.0.1:8080
呼叫失败,出现错误401。由于某些原因,生成的客户端代码在401响应时停止,并且不发送用户名和密码
编辑:我找到了罪犯,但我不知道最后的答案。Visual Studio已将此部分插入到app.config
文件中:
<applicationSettings>
<MyService.Properties.Settings>
<setting name="MyService_Permission_Permission" serializeAs="String">
<value>http://localhost:8080/api/Permission</value>
</setting>
</MyService.Properties.Settings>
</applicationSettings>
POST /api/Permission HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.225)
VsDebuggerCausalityData: uIDPo8B4pxEyITVOlb6i18R2juMAAAAACwClY0YyykuVhoiZKG7oEPZ1kukkB6NLnxx6RVnHjT8ACQAA
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
Host: xxxxxx:8080
Content-Length: 307
Expect: 100-continue
HTTP/1.1 401 Unauthorized
Content-Length: 0
content-type: text/xml; charset=utf-8
Expect: 100-continue
Host: xxx:8080
SOAPAction: ""
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.225)
VsDebuggerCausalityData: uIDPo8B4pxEyITVOlb6i18R2juMAAAAACwClY0YyykuVhoiZKG7oEPZ1kukkB6NLnxx6RVnHjT8ACQAA
WWW-Authenticate: Basic realm=realm
Server: Jetty(6.1.25)
我已经找到了答案。主机名
localhost
在Web引用中很神奇。在生成的代码中存在此函数:
private bool IsLocalFileSystemWebService(string url) {
if (((url == null)
|| (url == string.Empty))) {
return false;
}
System.Uri wsUri = new System.Uri(url);
if (((wsUri.Port >= 1024)
&& (string.Compare(wsUri.Host, "localHost", System.StringComparison.OrdinalIgnoreCase) == 0))) {
return true;
}
return false;
}
}
通过将我的app.config
更改为默认值127.0.0.1,我绕过了本地web服务身份验证的特殊行为
这个故事的寓意是:在针对本地服务实例开发web引用客户端时,不要在URL中使用localhost
private bool IsLocalFileSystemWebService(string url) {
if (((url == null)
|| (url == string.Empty))) {
return false;
}
System.Uri wsUri = new System.Uri(url);
if (((wsUri.Port >= 1024)
&& (string.Compare(wsUri.Host, "localHost", System.StringComparison.OrdinalIgnoreCase) == 0))) {
return true;
}
return false;
}
}