[英]Enable both Basic and Windows authentication
My services are enabled using Windows authentication on IIS7. 我在IIS7上使用Windows身份验证启用了我的服务。
<binding name="Soap.HttpsBinding" closeTimeout="00:05:00"
openTimeout="00:05:00" receiveTimeout="00:05:00" sendTimeout="00:05:00">
<security mode="Transport">
<transport clientCredentialType="Windows" proxyCredentialType="None">
<extendedProtectionPolicy policyEnforcement="WhenSupported" />
</transport>
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
My clients connect to it successfully using the same binding details. 我的客户端使用相同的绑定详细信息成功连接到它。
I recently had a request to add Basic authentication to support some legacy systems. 我最近要求添加基本身份验证以支持一些遗留系统。 Everything I thought I knew said we can run both side by side.
我认为我知道的一切都说我们可以并排运行。
I enabled Basic authentication, and the legacy systems can connect. 我启用了基本身份验证,旧系统可以连接。 However, all our existing WCF clients are now throwing the following exception:
但是,我们现有的所有WCF客户端现在都抛出以下异常:
MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'.
MessageSecurityException:HTTP请求未经授权,客户端身份验证方案为“Negotiate”。 The authentication header received from the server was 'Basic realm="mydomain.local",Negotiate,NTLM'.
从服务器收到的身份验证标头是'Basic realm =“mydomain.local”,Negotiate,NTLM'。
Regards, Rob. 问候,Rob。
Okay, it turns out this is one of the more misleading Microsoft error messages I've come across. 好吧,事实证明这是我遇到的更具误导性的Microsoft错误消息之一。
The 401 authentication error is being created on the initial request without any exception being logged in the event viewer. 正在初始请求上创建401身份验证错误,而不会在事件查看器中记录任何异常。
The answer appears to be the use of system.webServer -> httpErrors 答案似乎是使用system.webServer - > httpErrors
As I wanted to use the tilde (~) in the URL, I was setting my config to the following: 由于我想在URL中使用波浪号(〜),我将配置设置为以下内容:
<httpErrors>
<clear />
<error statusCode="401" responseMode="ExecuteURL" path="~/error.xml" />
</httpErrors>
Whether it was the use of tilde, or the ExecuteURL, I eventually found that using the following works: 无论是使用代字号还是ExecuteURL,我最终发现使用以下工作:
<httpErrors>
<clear />
<error statusCode="401" responseMode="File" path="/error.xml" />
</httpErrors>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.