在 IIS 中托管 WCF 服务,使用 Windows 身份验证且不进行匿名访问
我想使用 IIS (5/6) 中托管的 WCF 服务,并启用集成 Windows 身份验证并禁用匿名访问。我尝试按照 http://msdn.microsoft.com/en- 来执行此操作us/library/ff648431.aspx,但收到错误消息,提示未安装证书。但我不需要 SSL。我没有任何客户期望旧的 ASMX 服务,所以我不需要使用 basicHttpBinding (而且它也不安全),所以我尝试使用 wsHttpBinding。
如何让 wsHttpBinding 与 Windows 身份验证在没有 SSL 的情况下工作?这是一个很常见的要求,但我找不到任何解决方案。有人可以发布客户端和服务器的配置吗?我正在使用 ASP.NET 客户端。
我的配置如下。确切的错误消息是:
发出 HTTP 请求时发生错误 https://mymachine/WCFTest/Service1.svc。这可能是由于以下事实 未使用 HTTP.SYS 正确配置服务器证书 在 HTTPS 情况下。这也可能是由于不匹配造成的 客户端和服务器之间的安全绑定。
我使用“svcUtil”实用程序为客户端生成代理类和配置。
server:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Transport"/>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WCFTest.Service1Behavior" name="WCFTest.Service1">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" name="wsHttpEndpoint" contract="WCFTest.IService1"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFTest.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
client:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"
establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://mymachine/WCFTest/Service1.svc"
binding="wsHttpBinding" bindingConfiguration="wsHttpEndpoint"
contract="IService1" name="wsHttpEndpoint">
<identity>
<userPrincipalName value="mymachine\ASPNET" />
</identity>
</endpoint>
</client>
</system.serviceModel>
I would like to use WCF service hosted in IIS (5/6) with integrated windows authentication enabled and anonymous access disabled. I tried to do this by following http://msdn.microsoft.com/en-us/library/ff648431.aspx, but getting an error saying certificate is not installed. But I don't need SSL. I don't have any clients expecting older ASMX services, so I don't need to use basicHttpBinding (and also it is not secure), so I tried to use wsHttpBinding.
How do I get wsHttpBinding with windows authentication to work without SSL? This is such a common requirement, but I couldn't find any solution for this. Can someone post the configuration for the client and the server please? I am using ASP.NET client.
My configuration below. and the exact error message is:
An error occurred while making the HTTP request to
https://mymachine/WCFTest/Service1.svc. This could be due to the fact
that the server certificate is not configured properly with HTTP.SYS
in the HTTPS case. This could also be caused by a mismatch of the
security binding between the client and the server.
I used "svcUtil" utility to generate the proxy class and configuration for the client.
server:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Transport"/>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WCFTest.Service1Behavior" name="WCFTest.Service1">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" name="wsHttpEndpoint" contract="WCFTest.IService1"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFTest.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
client:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"
establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://mymachine/WCFTest/Service1.svc"
binding="wsHttpBinding" bindingConfiguration="wsHttpEndpoint"
contract="IService1" name="wsHttpEndpoint">
<identity>
<userPrincipalName value="mymachine\ASPNET" />
</identity>
</endpoint>
</client>
</system.serviceModel>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我最终使用了 basicHttpBinding,如文章 http://msdn.microsoft.com 中所述/en-us/library/ff648505.aspx。如果有人感兴趣,请在下面发布客户端和服务器的配置。客户端配置是使用“svcutil”生成的。
I ended up using basicHttpBinding as explained in the article http://msdn.microsoft.com/en-us/library/ff648505.aspx. posting the config for the client and the server below if anyone is interested. client config is generated using "svcutil".