元数据请求需要在 WCF 中进行身份验证，即使服务描述页面不需要

发布于 2024-10-29 14:26:00 字数 1835 浏览 3 评论 0原文

我已经使用以下配置设置了一个 WCF 服务来要求 NTLM 身份验证：

<system.serviceModel>
    <bindings>
        <customBinding>
            <binding name="BinarySecurityBinding">
                <binaryMessageEncoding/>
                <httpTransport authenticationScheme="Ntlm"/>
            </binding>
        </customBinding>
    </bindings>

    <services>
        <service name="Services.LogisticsServices" behaviorConfiguration="ServiceBehavior">
            <endpoint address="" binding="customBinding" bindingConfiguration="BinarySecurityBinding" contract="Services.ILogisticsServices" />
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
        </service>
    </services>

    <behaviors>
        <serviceBehaviors>
            <behavior name="ServiceBehavior">
                <serviceMetadata httpGetEnabled="true"/>
                <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

我这样做是为了强制使用 Web 服务的应用程序登录，因为我的所有服务操作都使用模拟 ([OperationBehavior(Impersonation = ImpersonationOption.Required)])。

在 IIS 7 中，我启用了匿名和 Windows 身份验证。

当我访问托管上述服务的http://test.server/LogisticsServices.svc时，我可以匿名看到默认的服务描述页面。但是，当 Visual Studio 尝试访问 http://test.server/LogisticsServices.svc/$metadata 来生成客户端代理时，服务器会使用 HTTP 代码 401 进行响应并期望进行身份验证。我不仅期望元数据可以匿名使用，而且服务器不接受我提供的凭据（尽管我知道它们是正确的）。

测试不同的配置，我尝试从绑定的传输中删除 authenticationScheme ，只是为了能够生成客户端代理，但这会导致异常，因为服务的操作需要模拟 ([OperationBehavior(模拟 = ImpersonationOption.Required)])。

我的服务配置中缺少哪些内容可以使服务的元数据匿名可用？如果我对整个事情的处理方式是错误的，我也愿意接受建议。

原文

I've set up a WCF service to require NTLM authentication using the following configuration:

<system.serviceModel>
    <bindings>
        <customBinding>
            <binding name="BinarySecurityBinding">
                <binaryMessageEncoding/>
                <httpTransport authenticationScheme="Ntlm"/>
            </binding>
        </customBinding>
    </bindings>

    <services>
        <service name="Services.LogisticsServices" behaviorConfiguration="ServiceBehavior">
            <endpoint address="" binding="customBinding" bindingConfiguration="BinarySecurityBinding" contract="Services.ILogisticsServices" />
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
        </service>
    </services>

    <behaviors>
        <serviceBehaviors>
            <behavior name="ServiceBehavior">
                <serviceMetadata httpGetEnabled="true"/>
                <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

I did this so that the applications that consume the web service are forced to log in because all my service's operations use impersonation ([OperationBehavior(Impersonation = ImpersonationOption.Required)]).

In IIS 7 I've enabled anonymous and Windows authentication.

When I visit http://test.server/LogisticsServices.svc, which hosts the service described above, I can see the default service description page anonymously. However, when Visual Studio tries to access http://test.server/LogisticsServices.svc/$metadata to generate a client proxy, the server is responding with HTTP code 401 and expecting authentication. Not only would I've expected the metadata to be available anonymously, but additionally, the server is not accepting the credentials I am giving it (even though, I know for a fact that they are correct).

Testing different configuration, I tried removing the authenticationScheme from my binding's transport, just to be able to generate the client proxy, but that results in an exception because the service's operations require impersonation ([OperationBehavior(Impersonation = ImpersonationOption.Required)]).

What am I missing in my service's configuration that would make the service's metadata available anonymously? I'm also open to suggestions if I'm approaching the whole thing wrong.

分享到QQ

分享到微博