堆栈内存溢出
  简体   繁体   English

启用基本和Windows身份验证

[英]Enable both Basic and Windows authentication

 原文  2013-10-15 13:37:34       c#/ .net/ wcf/ authentication/ iis-7

问题描述

My services are enabled using Windows authentication on IIS7. 我在IIS7上使用Windows身份验证启用了我的服务。 

    <binding name="Soap.HttpsBinding" closeTimeout="00:05:00"
             openTimeout="00:05:00" receiveTimeout="00:05:00" sendTimeout="00:05:00">
      <security mode="Transport">
        <transport clientCredentialType="Windows" proxyCredentialType="None">
          <extendedProtectionPolicy policyEnforcement="WhenSupported" />
        </transport>
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>

My clients connect to it successfully using the same binding details. 我的客户端使用相同的绑定详细信息成功连接到它。

I recently had a request to add Basic authentication to support some legacy systems. 我最近要求添加基本身份验证以支持一些遗留系统。 Everything I thought I knew said we can run both side by side. 我认为我知道的一切都说我们可以并排运行。

I enabled Basic authentication, and the legacy systems can connect. 我启用了基本身份验证,旧系统可以连接。 However, all our existing WCF clients are now throwing the following exception: 但是,我们现有的所有WCF客户端现在都抛出以下异常:

MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. MessageSecurityException:HTTP请求未经授权,客户端身份验证方案为“Negotiate”。 The authentication header received from the server was 'Basic realm="mydomain.local",Negotiate,NTLM'. 从服务器收到的身份验证标头是'Basic realm =“mydomain.local”,Negotiate,NTLM'。

  1. Why is Basic being listed first when it's beneath the others in the module list? 为什么Basic在模块列表中位于其他位置之下时首先列出?
  2. Why are the clients not failing Basic and moving onto Negotiate? 为什么客户没有失败基本并转向谈判? (surely they don't have to be identical) (当然他们不一定相同)
  3. How can I support both Basic and Windows authentication on the same WCF service? 如何在同一WCF服务上同时支持Basic和Windows身份验证?

Regards, Rob. 问候,Rob。

1 个解决方案

解决方案1
 1 已采纳  2013-11-20 11:05:02

Okay, it turns out this is one of the more misleading Microsoft error messages I've come across. 好吧,事实证明这是我遇到的更具误导性的Microsoft错误消息之一。

The 401 authentication error is being created on the initial request without any exception being logged in the event viewer. 正在初始请求上创建401身份验证错误,而不会在事件查看器中记录任何异常。

The answer appears to be the use of system.webServer -> httpErrors 答案似乎是使用system.webServer - > httpErrors

As I wanted to use the tilde (~) in the URL, I was setting my config to the following: 由于我想在URL中使用波浪号(〜),我将配置设置为以下内容: 

<httpErrors>
  <clear />
  <error statusCode="401" responseMode="ExecuteURL" path="~/error.xml" />
</httpErrors>

Whether it was the use of tilde, or the ExecuteURL, I eventually found that using the following works: 无论是使用代字号还是ExecuteURL,我最终发现使用以下工作: 

<httpErrors>
  <clear />
  <error statusCode="401" responseMode="File" path="/error.xml" />
</httpErrors>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 ASP.NET Core 应用中同时启用 Windows 身份验证和匿名身份验证 - Enable both Windows authentication and Anonymous authentication in an ASP.NET Core app 在Windows 8.1中启用Windows身份验证 - enable Windows Authentication in Windows 8.1 具有基本证书验证和客户端证书验证的WCF客户端 - WCF Client with both Basic and Client Certificate Authentication 如何启用CORS支持和NTLM身份验证 - How to enable both CORS support and NTLM authentication 如何使用服务器端 Blazor 启用 Windows 身份验证 - How to enable Windows authentication with server side Blazor 如何在启用基本身份验证的情况下启用对Web API中所有来源的访问? - How to enable access to all origins in Web API with basic authentication enabled? 如何在Web API中将Windows身份验证与Owin令牌身份验证结合使用? - How to enable windows authentication in conjunction with Owin token authentication in web api? 如何通过控制台启用SSL,Windows身份验证和匿名身份验证 - How to enable SSL, Windows Authentication and Anonymous Authentication through Console 在同一个MVC应用程序中使用OWIN Cookie身份验证和Windows身份验证 - Using both OWIN Cookie Authentication and Windows Authentication in the same MVC application 为ASP.NET Web API 2应用程序启用Windows和基本身份验证 - Enabling Windows and Basic Authentication for ASP.NET Web API 2 Application
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM