WCF REST 服务 - 401 未经授权

发布于 2024-11-30 08:04:01 字数 1112 浏览 2 评论 0原文

我们正在开发一个 WCF REST Web 服务，该服务仅从任何匿名用户接收一堆任意文本，然后在后端执行一些处理。

例如，以下是我们的 Web 服务中的一种方法：

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class MyRESTService : IMyRESTService
{
    [WebInvoke(Method = "PUT", UriTemplate = "/MyRESTMethod?paramA={paramA}&paramB={paramB}")]
    public Stream MyRESTMethod(string paramA, string paramB, Stream rawData)
    {
        //do some stuff...
    }
}

如果我们仅使用默认的 IIS 设置，我们会收到 (401) Unauthorized。然而，经过多次试验和错误，我们发现可以通过向我们服务的实际 .svc 文件上的“每个人”授予写入访问权限来使其正常工作。

我的问题是：为什么 IIS 需要对 .svc 文件具有写入访问权限才能正常工作？有没有更好的方法或者我是否坚持这种黑客（并且可能不安全）的解决方法？

微软什么鬼？

可能相关：

原文

We're in the process of developing a WCF REST web service which just receives a bunch of arbitrary text from any anonymous user and then performs some processing on the back end.

For example, here's one method from our web service:

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class MyRESTService : IMyRESTService
{
    [WebInvoke(Method = "PUT", UriTemplate = "/MyRESTMethod?paramA={paramA}¶mB={paramB}")]
    public Stream MyRESTMethod(string paramA, string paramB, Stream rawData)
    {
        //do some stuff...
    }
}

If we just use the default IIS settings we get a (401) Unauthorized. However, after much trial and error we figured out that we could get it to work by giving WRITE access to 'Everyone' on the actual .svc file for our service.

My question is: why in the world would IIS need to have WRITE access to an .svc file for this to work? Is there a better way or am I stuck with this hackish (and possibly insecure) workaround?

WTF Microsoft?

Possibly related:

分享到QQ

分享到微博