
call lists.asmx getting 'http request is unauthorized with client authentication scheme 'ntlm'

Using console app in C# to call lists.asmx getting 'http request is unauthorized with client authentication scheme 'ntlm'. The authentication header received from the server was 'Negotiate, NTLM'.

Environment:

  • Kerberos turned on in QA & Production, not in Dev (stupid I know, but I don't admin any of the boxes)
  • Hitting a SharePoint webservice to GET data from a SharePoint list (lists.asmx).
  • Server uses SSL.

I get an error message in my QA environment as follows (can't paste the stacktrace as it's in a picture only):

System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.

Direct navigation to the list works fine from every machine.

  • Code works in a development environment (on the server) which does not have Kerberos enabled (should be, but isn't. I CANNOT change this).
  • Code works against production from a desktop machine which does have Kerberos enabled
  • Code does not work in a QA environment which does have Kerberos enabled. This is where I get the error

To call the webservice I do this (no other security-related code involved)

    XmlElement element = this.LIstsServiceClient.GetListItems(listName, "", query, fields, "300", null, null);

My app.config is as follows

    <configuration>
    <system.serviceModel>
      <behaviors>
        <endpointBehaviors>
          <behavior name="clientEndpointBehavior">
            <clientCredentials>
              <windows allowedImpersonationLevel="Delegation"/>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
      <bindings>
            <basicHttpBinding>
                <binding name="ListsSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
                    receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
                    bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferSize="999999999" maxBufferPoolSize="524288" maxReceivedMessageSize="999999999"
                    messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                    useDefaultWebProxy="true">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="999999" maxNameTableCharCount="16384" />
                    <security mode="Transport">
                      <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm" realm="" />
                      <message clientCredentialType="UserName" algorithmSuite="Default" />
                    </security>
                </binding>
            </basicHttpBinding>
      </bindings>
      <client>
         <endpoint address="https://servername/sitecollectionname/_vti_bin/Lists.asmx"
              binding="basicHttpBinding" bindingConfiguration="ListsSoap"
              contract="ListsService.ListsSoap" name="ListsSoap" behaviorConfiguration="clientEndpointBehavior"  >
            <identity>
              <servicePrincipalName value="spn" />
            </identity>
          </endpoint>
      </client>
    </system.serviceModel>
    </configuration>

Have a look here

Enabled Anonymous access (username and password of domain user) Enabled Integrated Windows authentication

Or, as lextm-MSFT says, check you are passing a valid set of user credentials

I resolved the problem by putting this in Config:

<system.serviceModel>
    <bindings />
    <client />
</system.serviceModel>

It is simply an authentication failure. Check if your console application sends a valid user credential to IIS that hosts this web service.

I never did manage to find the answer to this, but mostly because I did not have access to consistently configured environments, hence I was unable to debug my code. I believe the issue to be a configuration problem, probably Kerberos related.

I solved this by allowing impersonation on the client endpoint, which the Lists service seems to require for the first request it receives (possibly depending on which web method you're calling). The Lists service will, confusingly, perform authentication and validation internally and if it fails, generate 401, or 500 responses which make it seem like your request is failing in IIS before hitting the service when in fact, the service method is executing and returning errors.

<behaviors>
   <endpointBehaviors>
      <behavior name="SPServiceBehavior">
          <clientCredentials>
                <windows allowedImpersonationLevel="Impersonation" allowNtlm="True"/>
          </clientCredentials>
      </behavior>
   </endpointBehaviors>
</behaviors>

See my question here for all the details.
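
The endpoint behavior from the last answer, wired into the question's binding and endpoint, as an added example that is not part of the original posts. It assumes the `ListsSoap` binding, the `ListsService.ListsSoap` contract and the placeholder address from the question's app.config, and leaves out the timeouts and quotas that do not affect authentication.

```xml
<configuration>
  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <!-- From the answer: Impersonation lets the server act as the caller
             on the server itself. The question's config used Delegation, which
             additionally lets the server forward the caller's identity to
             other machines, so Impersonation is the narrower grant. -->
        <behavior name="SPServiceBehavior">
          <clientCredentials>
            <windows allowedImpersonationLevel="Impersonation" allowNtlm="true" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <basicHttpBinding>
        <binding name="ListsSoap">
          <!-- Transport = HTTPS, as in the question. clientCredentialType="Ntlm"
               pins the client to NTLM even though the server's challenge also
               lists Negotiate; this is the scheme named in the error text. -->
          <security mode="Transport">
            <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm" realm="" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <!-- behaviorConfiguration must match the behavior name above, otherwise
           the clientCredentials settings are never applied to this endpoint. -->
      <endpoint address="https://servername/sitecollectionname/_vti_bin/Lists.asmx"
                binding="basicHttpBinding" bindingConfiguration="ListsSoap"
                contract="ListsService.ListsSoap" name="ListsSoap"
                behaviorConfiguration="SPServiceBehavior" />
    </client>
  </system.serviceModel>
</configuration>
```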
