WCF 中的 NTLM 身份验证调用 .net core API
[英]NTLM authentication in WCF calling .net core API
问题描述
I have a WCF service (A) that calls another WCF service (B) with the below configuration.
我有一个 WCF 服务(A),它使用以下配置调用另一个 WCF 服务(B)。
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
I'm working on calling service B from a .net core (v2.2) service.我正在从 .net core (v2.2) 服务调用服务 B。 I have the below setup:我有以下设置:
BasicHttpBinding basicHttpBinding = new BasicHttpBinding();
basicHttpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
basicHttpBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Ntlm;
basicHttpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
// doesn't have Default as the option. Only TripleDes
//basicHttpBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.TripleDes
basicHttpBinding.MaxReceivedMessageSize = int.MaxValue;
basicHttpBinding.ReceiveTimeout = new TimeSpan(250000000000);//Timespan in nanoseconds.
EndpointAddress endpointAddress = new EndpointAddress("http://");
customerServiceClient = new CustomerServiceClient(basicHttpBinding, endpointAddress);
NetworkCredential networkCredential = new NetworkCredential("user", "password", "domain");
customerServiceClient.ClientCredentials.Windows.ClientCredential = networkCredential;
customerServiceClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
I'm getting the error: Authentication failed because the connection could not be reused.我收到错误:身份验证失败,因为无法重用连接。 Below is the partial stack of the exception:以下是异常的部分堆栈:
{"Message":"Authentication failed because the connection could not be reused.","Data":{},"InnerException":{"Message":"Authentication failed because the connection could not be reused.","Data":{},"InnerException":null,"StackTrace":" at System.Net.Http.HttpConnection.DrainResponseAsync(HttpResponseMessage response)\r\n at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, HttpConnectionPool connectionPool, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.SendWithNtConnectionAuthAsync(HttpConnection connection, HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)\r\n at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)\r\n at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken)\r\n at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)\r\n at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)\r\n...
Please let me know how to get this fixed.请让我知道如何解决这个问题。 Also, this API will be deployed into PCF.此外,此 API 将部署到 PCF 中。
Thanks, Arun谢谢,阿伦
1 个解决方案
解决方案1
0 已采纳 2020-01-14 08:01:03
At present, NetCore doesn't support message security mode.目前, NetCore不支持消息安全模式。 Thereby the below statement won't work.因此下面的语句将不起作用。
basicHttpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
But the NetCore2.2 supports the WCF service with TransportCredentialOnly security mode.但NetCore2.2支持具有TransportCredentialOnly安全模式的 WCF 服务。
Here is an example of invocating the service.这是调用服务的示例。
ServiceReference1.ServiceClient client = new ServiceReference1.ServiceClient();
NetworkCredential nc = new NetworkCredential("administrator", "abcd1234!");
client.ClientCredentials.Windows.ClientCredential = nc;
var result = client.TestAsync().Result;
Console.WriteLine(result);
After we add connected service reference, the binding settings and endpoints have already configured in the Reference.cs file.添加连接的服务引用后,绑定设置和端点已经在 Reference.cs 文件中配置。
We just need to modify the default service endpoint address.我们只需要修改默认的服务端点地址。
Then we configure the Windows credential on the client-side.然后我们在客户端配置 Windows 凭据。 On my side, it works.在我这边,它有效。 Please make sure your client project based on AspNet Core2.2 Besides, please refer to the discussion in the official Github repository.请确保您的客户端项目基于AspNet Core2.2此外,请参考官方 Github 存储库中的讨论。 It might be useful to you.它可能对你有用。
https://github.com/dotnet/wcf/issues/2923 https://github.com/dotnet/wcf/issues/2923
Feel free to let me know if there is anything I can help with.如果有什么我可以帮忙的,请随时告诉我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.