当前位置: 文江博客话题详情

使用 WCF 设置 NTLM 身份验证到 Sharepoint Web 服务

发布于 2024-11-02 15:18:30 字数 4856 浏览 2 评论 0原文

我在设置 WCF 服务与 Sharepoint Web 服务对话时遇到了很多困难,特别是我尝试使用 Lists.asmx 和 Copy.asmx 服务。

我使用到 sharepoint 的 http 链接进行开发,但现在我们需要切换到 HTTPS 链接。我获得了网络参考设置并更新了此链接,但是当它尝试调用服务(例如:GetListItems)时,它会出错并显示以下错误: 请求失败,HTTP 状态为 401:未经授权。

然后我尝试查看我们的 Sharepoint Server 使用什么类型的身份验证,结果是 NTLM。然后我尝试为此配置 web.config 文件。这是整个 web.config 文件:

<?xml version="1.0"?>
<configuration>
    <configSections>
        <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
            <section name="InventoryService.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false"/>
        </sectionGroup>
    </configSections>
    <appSettings/>
    <connectionStrings/>
    <system.web>
        <compilation debug="true" targetFramework="4.0">
        </compilation>
        <!--
        The <authentication> section enables configuration 
        of the security authentication mode used by 
        ASP.NET to identify an incoming user. 
    -->
        <authentication mode="Windows"/>
        <!--
        The <customErrors> section enables configuration 
        of what to do if/when an unhandled error occurs 
        during the execution of a request. Specifically, 
        it enables developers to configure html error pages 
        to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
         <error statusCode="403" redirect="NoAccess.htm" />
         <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
    -->
        <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/></system.web>
    <!-- 
      The system.webServer section is required for running ASP.NET AJAX under Internet
      Information Services 7.0.  It is not necessary for previous version of IIS.
  -->
    <system.serviceModel>
        <bindings>
   <basicHttpBinding>
    <binding name="NewBinding0">
     <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Ntlm" proxyCredentialType="None" />
     </security>
    </binding>
   </basicHttpBinding>
  </bindings>
  <services>
   <service behaviorConfiguration="InventoryService.Service1Behavior"
    name="InventoryService.InventoryService">
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="NewBinding0"
     contract="InventoryService.IInventoryService">
     <identity>
      <dns value="localhost" />
     </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
   </service>
  </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="InventoryService.Service1Behavior">
                    <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                    <serviceMetadata httpGetEnabled="true"/>
                    <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                    <serviceDebug includeExceptionDetailInFaults="true"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>
    </system.serviceModel>
    <applicationSettings>
        <InventoryService.Properties.Settings>
   <setting name="InventoryService_WSCopy_Copy" serializeAs="String">
    <value>http://site/_vti_bin/Copy.asmx</value>
   </setting>
   <setting name="InventoryService_SharepointLists_Lists" serializeAs="String">
    <value>https://site/_vti_bin/Lists.asmx</value>
   </setting>
  </InventoryService.Properties.Settings>
    </applicationSettings>
</configuration>

如果有人知道我是否为 NTLM 正确设置了此配置文件,那将非常有帮助。

如果设置正确,那么我想我将继续讨论下一个关于我是否正确设置凭据的问题:

inventoryList = new SharepointLists.Lists();
inventoryList.Url = "https://fullsiteurl/_vti_bin/Lists.asmx";
inventoryList.Credentials = new System.Net.NetworkCredential("user", "pass", "domain");

如果有人可以解决这个问题,那也会非常有帮助。

我再次知道配置文件相当长,如果您仔细阅读它并让我知道我是否正确设置了 NTLM 身份验证,我将非常感激。

如果所有这些检查都正常,那么我不知道从哪里开始获取与共享点一起工作的 HTTPS 链接(共享点的现有 HTTP 链接暂时仍然可以访问,直到我可以让服务与 HTTPS 链接一起工作) 。

原文

I have been having a lot of difficulty setting up my WCF service to talk to Sharepoint Web services, specifically I am trying to use the Lists.asmx and Copy.asmx services.

I got it working using an http link to sharepoint for development, but now we need to switch to an HTTPS link. I got the web reference setup and updated for this link, but when it tries to call a service (ex: GetListItems) it errors out with the following error:
The request failed with HTTP status 401: Unauthorized.

I then tried to see what type of authentication our Sharepoint Server uses, which turns out to be NTLM. I then tried to configure out web.config file for this. Here is the entire web.config file:

<?xml version="1.0"?>
<configuration>
    <configSections>
        <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
            <section name="InventoryService.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false"/>
        </sectionGroup>
    </configSections>
    <appSettings/>
    <connectionStrings/>
    <system.web>
        <compilation debug="true" targetFramework="4.0">
        </compilation>
        <!--
        The <authentication> section enables configuration 
        of the security authentication mode used by 
        ASP.NET to identify an incoming user. 
    -->
        <authentication mode="Windows"/>
        <!--
        The <customErrors> section enables configuration 
        of what to do if/when an unhandled error occurs 
        during the execution of a request. Specifically, 
        it enables developers to configure html error pages 
        to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
         <error statusCode="403" redirect="NoAccess.htm" />
         <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
    -->
        <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/></system.web>
    <!-- 
      The system.webServer section is required for running ASP.NET AJAX under Internet
      Information Services 7.0.  It is not necessary for previous version of IIS.
  -->
    <system.serviceModel>
        <bindings>
   <basicHttpBinding>
    <binding name="NewBinding0">
     <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Ntlm" proxyCredentialType="None" />
     </security>
    </binding>
   </basicHttpBinding>
  </bindings>
  <services>
   <service behaviorConfiguration="InventoryService.Service1Behavior"
    name="InventoryService.InventoryService">
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="NewBinding0"
     contract="InventoryService.IInventoryService">
     <identity>
      <dns value="localhost" />
     </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
   </service>
  </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="InventoryService.Service1Behavior">
                    <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                    <serviceMetadata httpGetEnabled="true"/>
                    <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                    <serviceDebug includeExceptionDetailInFaults="true"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>
    </system.serviceModel>
    <applicationSettings>
        <InventoryService.Properties.Settings>
   <setting name="InventoryService_WSCopy_Copy" serializeAs="String">
    <value>http://site/_vti_bin/Copy.asmx</value>
   </setting>
   <setting name="InventoryService_SharepointLists_Lists" serializeAs="String">
    <value>https://site/_vti_bin/Lists.asmx</value>
   </setting>
  </InventoryService.Properties.Settings>
    </applicationSettings>
</configuration>

If anyone has a clue if I setup this config file correctly for NTLM, that would be really helpful.

If this is setup correctly, then I guess I will move on to the next question about if I setup the credentials correctly:

inventoryList = new SharepointLists.Lists();
inventoryList.Url = "https://fullsiteurl/_vti_bin/Lists.asmx";
inventoryList.Credentials = new System.Net.NetworkCredential("user", "pass", "domain");

If someone could go over this, that would also be very helpful.

Again I know that the config file is pretty long and I highly appreciate it if you go through it let me know if I setup NTLM authentication correctly.

If all this checks out ok, then I have no idea where to start on getting the HTTPS link with sharepoint working (The existing HTTP link to sharepoint is still accessible for the time being, until I can get the service working with the HTTPS link).

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

爱给你人给你 2024-11-09 15:18:30

确保指定用户可以使用浏览器访问 ASMX。

确保用户(至少)具有目标库的读取权限。

另外,请确保用户具有使用远程接口权限(WSS 3.0:站点设置、高级权限、设置 - 权限级别,选择相应的权限级别)。

另外,如果您使用的是 MOSS 2007,则可以在中央管理中禁用 SOAP 访问。

我目前没有可用的 Sharepoint 2010,因此无法检查,但我希望设置是对应的。

编辑

如果在正常 HTTP 下一切正常,我会查看启用 HTTPS 的方式。

看看这个网站“如何在 SharePoint 2010 Web 应用程序上启用 SSL",特别是第二部分(大约页面的 1/3,关于添加备用访问映射)。

希望这有帮助。

Make sure the specified user has access to the ASMX with the browser.

Make sure the user has (at minimum) Read permission to the target library.

Also, make sure the user has the Use Remote Interfaces premission (WSS 3.0: Site settings, Advanced permissions, Settings - Permission Levels, choose corresponding permission level).

Also, if you are using MOSS 2007, SOAP access can be disabled in the central admin.

I don't have Sharepoint 2010 available at the moment so I cannot check, but I expect the settings to be corresponding.

Edit:

If everything works great under normal HTTP, I would look at the way that HTTPS was enabled.

Take a look at this site "How to enable SSL on a SharePoint 2010 web application", especially the second part (about 1/3rd of the page, regarding adding an alternate access mapping).

Hope this helps.

回复 原文
記柔刀 2024-11-09 15:18:30

您收到此错误是因为您没有指定 mexHttpBinding 也使用“NewBinding0”绑定配置。发生的情况是,在实际 WCF 服务调用之前,WCF 正在尝试获取有关该服务的一些信息。如果该请求不将任何客户端凭据信息传输到服务,则该请求将会失败,因为它是安全的,并且您将收到来自服务器的 401 响应(未授权)。确保您的 mexHttpBinding 也发送 NTLM 凭据。

您也可以删除 mexHttpBinding

You are getting this error because you have not specifed that the mexHttpBinding also use use the 'NewBinding0' binding configuration. What is happening is that prior to your actual WCF service call, WCF is attempting to obtain some information about the service. This request will fail if it does not transport any client credential information to the service since it is secured and you will recieve the 401 response from the server (Not Authorized). Make sure that your mexHttpBinding also sends up the NTLM credentials.

You could alternatively remove the mexHttpBinding

回复 原文
~没有更多了~

关于作者

守望孤独

暂无简介

0 文章
0 评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文