WCF equivalent of a web reference (Kerberos and WebGate)

Posted on 2024-12-25 11:02:28

I hope you can help me with something. I am trying to get my client-side WCF call to behave exactly the same as a web reference, which I have working correctly.

Web reference code:

Dim wsProxy As New Namespace.ServiceName()
wsProxy.Credentials = CredentialCache.DefaultCredentials
wsProxy.CookieContainer = New CookieContainer()
wsProxy.AllowAutoRedirect = True
wsProxy.WebMethod()

Nice and simple. To my mind, the WCF equivalent should be:

' Authenticate at the HTTP layer only (no transport encryption)
Dim binding As New BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly)
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows
Dim wsProxy As New Namespace.ServiceName(binding, New EndpointAddress("..."))
' Do not fall back to NTLM; let the server identify the caller only
wsProxy.ClientCredentials.Windows.AllowNtlm = False
wsProxy.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification
' Use the credentials of the current Windows logon
wsProxy.ChannelFactory.Credentials.Windows.ClientCredential = Net.CredentialCache.DefaultCredentials
wsProxy.WebMethod()

No matter what I try, I can't get the WCF equivalent to authenticate. I always get:

"The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,Basic realm="My Realm"'."

Key criteria:

  • Needs to authenticate using Kerberos
  • The authentication procedure involves redirects before a 401 challenge.
  • Cookies need to be persisted.

NOTE: Redirects and 401 are provided by Oracle Access Manager - but we know that there's nothing particularly exotic here, as the web reference works ok.

Any help much appreciated!

Update 1

Thanks for your question - in response to diggingforfile, the example above doesn't use a web.config. However, if I do add a service reference, the following config is set up:

<basicHttpBinding>
  <binding name="SomeBindingName" closeTimeout="00:01:00"
      openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
      allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
      maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
      messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
      useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <security mode="None">
          <transport clientCredentialType="None" proxyCredentialType="None"
              realm="" />
          <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
  </binding>
</basicHttpBinding>
<client>
  <endpoint address="http://Server/Service"
    binding="basicHttpBinding" bindingConfiguration="SomeBindingName"
    contract="Namespace.ServiceName" name="SomeEndpointName" />
</client>

If I try this, I get:

"The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,Basic realm="My Realm"'."
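
Added example, not part of the original post: the generated configuration above has `security mode="None"` and `allowCookies="false"`, so the client offers no credentials, which matches the 'Anonymous' scheme named in the second error. The fragment below is the config-file counterpart of the binding built in code (TransportCredentialOnly with Windows credentials) with cookie handling switched on; the behavior name `KerberosOnly` is an assumption, and the fragment does not address the redirect requirement.

```xml
<!-- Added illustration; "KerberosOnly" is an assumed behavior name. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- allowCookies="true" lets the channel keep cookies between requests -->
      <binding name="SomeBindingName" allowCookies="true">
        <!-- TransportCredentialOnly authenticates over HTTP without encrypting the traffic -->
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="KerberosOnly">
        <clientCredentials>
          <!-- Config form of AllowNtlm = False and AllowedImpersonationLevel = Identification -->
          <windows allowNtlm="false" allowedImpersonationLevel="Identification" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <endpoint address="http://Server/Service"
      binding="basicHttpBinding" bindingConfiguration="SomeBindingName"
      behaviorConfiguration="KerberosOnly"
      contract="Namespace.ServiceName" name="SomeEndpointName" />
  </client>
</system.serviceModel>
```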
