在 IIS 中托管 WCF 服务，使用 Windows 身份验证且不进行匿名访问

发布于 2024-10-07 04:22:11 字数 3808 浏览 0 评论 0原文

我想使用 IIS (5/6) 中托管的 WCF 服务，并启用集成 Windows 身份验证并禁用匿名访问。我尝试按照 http://msdn.microsoft.com/en- 来执行此操作us/library/ff648431.aspx，但收到错误消息，提示未安装证书。但我不需要 SSL。我没有任何客户期望旧的 ASMX 服务，所以我不需要使用 basicHttpBinding （而且它也不安全），所以我尝试使用 wsHttpBinding。

如何让 wsHttpBinding 与 Windows 身份验证在没有 SSL 的情况下工作？这是一个很常见的要求，但我找不到任何解决方案。有人可以发布客户端和服务器的配置吗？我正在使用 ASP.NET 客户端。

我的配置如下。确切的错误消息是：

发出 HTTP 请求时发生错误 https://mymachine/WCFTest/Service1.svc。这可能是由于以下事实未使用 HTTP.SYS 正确配置服务器证书在 HTTPS 情况下。这也可能是由于不匹配造成的客户端和服务器之间的安全绑定。

我使用“svcUtil”实用程序为客户端生成代理类和配置。

server:
    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="wsHttpEndpointBinding">
                    <security mode="Transport"/>
                </binding>
            </wsHttpBinding>
        </bindings>
        <services>
            <service behaviorConfiguration="WCFTest.Service1Behavior" name="WCFTest.Service1">
                <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" name="wsHttpEndpoint" contract="WCFTest.IService1"/>
            </service>
        </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="WCFTest.Service1Behavior">
                    <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                    <serviceMetadata httpGetEnabled="true"/>
                    <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                    <serviceDebug includeExceptionDetailInFaults="false"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>
    </system.serviceModel>

client:
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
            receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
            transactionFlow="false" hostNameComparisonMode="StrongWildcard"
            maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
            allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00"
              enabled="false" />
          <security mode="Transport">
            <transport clientCredentialType="Windows" proxyCredentialType="None"
                realm="" />
            <message clientCredentialType="Windows" negotiateServiceCredential="true"
                establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://mymachine/WCFTest/Service1.svc"
          binding="wsHttpBinding" bindingConfiguration="wsHttpEndpoint"
          contract="IService1" name="wsHttpEndpoint">
        <identity>
          <userPrincipalName value="mymachine\ASPNET" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>

原文

I would like to use WCF service hosted in IIS (5/6) with integrated windows authentication enabled and anonymous access disabled. I tried to do this by following http://msdn.microsoft.com/en-us/library/ff648431.aspx, but getting an error saying certificate is not installed. But I don't need SSL. I don't have any clients expecting older ASMX services, so I don't need to use basicHttpBinding (and also it is not secure), so I tried to use wsHttpBinding.

How do I get wsHttpBinding with windows authentication to work without SSL? This is such a common requirement, but I couldn't find any solution for this. Can someone post the configuration for the client and the server please? I am using ASP.NET client.

My configuration below. and the exact error message is:

An error occurred while making the HTTP request to
https://mymachine/WCFTest/Service1.svc. This could be due to the fact
that the server certificate is not configured properly with HTTP.SYS
in the HTTPS case. This could also be caused by a mismatch of the
security binding between the client and the server.

I used "svcUtil" utility to generate the proxy class and configuration for the client.

server:
    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="wsHttpEndpointBinding">
                    <security mode="Transport"/>
                </binding>
            </wsHttpBinding>
        </bindings>
        <services>
            <service behaviorConfiguration="WCFTest.Service1Behavior" name="WCFTest.Service1">
                <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" name="wsHttpEndpoint" contract="WCFTest.IService1"/>
            </service>
        </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="WCFTest.Service1Behavior">
                    <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                    <serviceMetadata httpGetEnabled="true"/>
                    <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                    <serviceDebug includeExceptionDetailInFaults="false"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>
    </system.serviceModel>

client:
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
            receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
            transactionFlow="false" hostNameComparisonMode="StrongWildcard"
            maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
            allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00"
              enabled="false" />
          <security mode="Transport">
            <transport clientCredentialType="Windows" proxyCredentialType="None"
                realm="" />
            <message clientCredentialType="Windows" negotiateServiceCredential="true"
                establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://mymachine/WCFTest/Service1.svc"
          binding="wsHttpBinding" bindingConfiguration="wsHttpEndpoint"
          contract="IService1" name="wsHttpEndpoint">
        <identity>
          <userPrincipalName value="mymachine\ASPNET" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

ま昔日黯然 2024-10-14 04:22:11

我最终使用了 basicHttpBinding，如文章 http://msdn.microsoft.com 中所述/en-us/library/ff648505.aspx。如果有人感兴趣，请在下面发布客户端和服务器的配置。客户端配置是使用“svcutil”生成的。

server config:    
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpEndpointBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="WCFTest.Service1Behavior" name="WCFTest.Service1">
        <endpoint address="" binding="basicHttpBinding"
          bindingConfiguration="BasicHttpEndpointBinding"
          name="BasicHttpEndpoint" contract="WCFTest.IService1">
        </endpoint>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WCFTest.Service1Behavior">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

client config:
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
            receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
            bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
            maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
            useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" proxyCredentialType="None"
                realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://machinename/WCFTest/Service1.svc"
          binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpoint"
          contract="IService1" name="BasicHttpEndpoint" />
    </client>
  </system.serviceModel>

I ended up using basicHttpBinding as explained in the article http://msdn.microsoft.com/en-us/library/ff648505.aspx. posting the config for the client and the server below if anyone is interested. client config is generated using "svcutil".

server config:    
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpEndpointBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="WCFTest.Service1Behavior" name="WCFTest.Service1">
        <endpoint address="" binding="basicHttpBinding"
          bindingConfiguration="BasicHttpEndpointBinding"
          name="BasicHttpEndpoint" contract="WCFTest.IService1">
        </endpoint>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WCFTest.Service1Behavior">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

client config:
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
            receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
            bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
            maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
            useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" proxyCredentialType="None"
                realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://machinename/WCFTest/Service1.svc"
          binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpoint"
          contract="IService1" name="BasicHttpEndpoint" />
    </client>
  </system.serviceModel>

回复收藏 0 原文

~没有更多了~