使用windows身份验证在IIS中承载WCF服务,而不进行匿名访问
我想在启用集成windows身份验证和禁用匿名访问的情况下使用IIS(5/6)中托管的WCF服务。我试图通过以下方式来实现此目的,但收到一个错误,表示未安装证书。但我不需要SSL。我没有任何客户机需要较旧的ASMX服务,因此我不需要使用basicHttpBinding(而且它也不安全),所以我尝试使用wsHttpBinding 如何使具有windows身份验证的wsHttpBinding在没有SSL的情况下工作?这是一个常见的要求,但我找不到任何解决方案。有人可以发布客户端和服务器的配置吗?我正在使用ASP.NET客户端 我的配置如下。确切的错误信息是: 向发出HTTP请求时出错 . 这可能是因为 服务器证书未使用HTTP.SYS正确配置 在HTTPS案例中。这也可能是由于 客户端和服务器之间的安全绑定 我使用“svcUtil”实用程序为客户端生成代理类和配置使用windows身份验证在IIS中承载WCF服务,而不进行匿名访问,wcf,iis,wcf-security,windows-authentication,Wcf,Iis,Wcf Security,Windows Authentication,我想在启用集成windows身份验证和禁用匿名访问的情况下使用IIS(5/6)中托管的WCF服务。我试图通过以下方式来实现此目的,但收到一个错误,表示未安装证书。但我不需要SSL。我没有任何客户机需要较旧的ASMX服务,因此我不需要使用basicHttpBinding(而且它也不安全),所以我尝试使用wsHttpBinding 如何使具有windows身份验证的wsHttpBinding在没有SSL的情况下工作?这是一个常见的要求,但我找不到任何解决方案。有人可以发布客户端和服务器的配置吗?我正
server:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Transport"/>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WCFTest.Service1Behavior" name="WCFTest.Service1">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" name="wsHttpEndpoint" contract="WCFTest.IService1"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFTest.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
client:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"
establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://mymachine/WCFTest/Service1.svc"
binding="wsHttpBinding" bindingConfiguration="wsHttpEndpoint"
contract="IService1" name="wsHttpEndpoint">
<identity>
<userPrincipalName value="mymachine\ASPNET" />
</identity>
</endpoint>
</client>
</system.serviceModel>
服务器:
客户:
我最终使用了文章中解释的basicHttpBinding。如果有人感兴趣,请在下面发布客户端和服务器的配置。客户端配置是使用“svcutil”生成的
服务器配置:
客户端配置:
发布您的绑定(服务器/客户端)和确切错误。windows身份验证不需要SSL。绑定表明要使用传输安全性。我不是100%肯定,但我认为传输安全性与SSL的含义相同。正如这个问题的标题所说,我想要的是,在IIS中使用windows身份验证和匿名访问托管WCF服务,我需要做哪些更改@阿利奥斯塔德提出了一些改变,但仍然不起作用,他的评论也被删除了?
server config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpointBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WCFTest.Service1Behavior" name="WCFTest.Service1">
<endpoint address="" binding="basicHttpBinding"
bindingConfiguration="BasicHttpEndpointBinding"
name="BasicHttpEndpoint" contract="WCFTest.IService1">
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFTest.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
client config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://machinename/WCFTest/Service1.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpoint"
contract="IService1" name="BasicHttpEndpoint" />
</client>
</system.serviceModel>