[英]call lists.asmx getting 'http request is unauthorized with client authentication scheme 'ntlm'
Using console app in C# to call lists.asmx getting 'http request is unauthorized with clien tauthentication scheme 'ntlm'. 使用C#中的控制台应用程序调用list.asmx,使用clien身份验证方案'ntlm'来获取'http请求'是未经授权的。 The authentication header received from the server was 'Negotiate, NTLM'.
从服务器收到的身份验证标头是“协商,NTLM”。
Environment: 环境:
I get an error message in my qa environment as follows (can't paste the stacktrace as it's in a picture only): 我在我的qa环境中收到一条错误消息,如下所示(无法将stacktrace粘贴为仅在图片中):
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
Direct navigation to the list works fine from every machine. 在每台机器上,直接导航到列表都可以正常工作。
To call the webservice I do this (no other security-related code involved) 要调用Web服务,我需要这样做(不涉及其他与安全性相关的代码)
XmlElement element = this.LIstsServiceClient.GetListItems(listName, '', query, fields, '300', null, null);
My app.config is as follows 我的app.config如下
<configuration>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="clientEndpointBehavior">
<clientCredentials>
<windows allowedImpersonationLevel="Delegation"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="ListsSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="999999999" maxBufferPoolSize="524288" maxReceivedMessageSize="999999999"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="999999" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
<client>
<endpoint address="https://servername/sitecollectionname/_vti_bin/Lists.asmx"
binding="basicHttpBinding" bindingConfiguration="ListsSoap"
contract="ListsService.ListsSoap" name="ListsSoap" behaviorConfiguration="clientEndpointBehavior" >
<identity>
<servicePrincipalName value="spn" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
I resolved problem : 我解决了问题:
putting this is Config 把这是配置
<system.serviceModel>
<bindings />
<client />
</system.serviceModel>
It is simply an authentication failure. 这仅仅是身份验证失败。 Check if your console application sends a valid user credential to IIS that hosts this web service.
检查您的控制台应用程序是否将有效的用户凭据发送到承载此Web服务的IIS。
I never did manage to find the answer to this, but mostly because I did not have access to consistently configured environments, hence I was unable to debug my code. 我从未设法找到答案,但是主要是因为我无法访问配置一致的环境,因此无法调试代码。 I believe the issue to be a configuration problem, probably Kerberos related.
我认为该问题是配置问题,可能与Kerberos有关。
I solved this by allowing impersonation on the client endpoint, which the Lists service seems to require for the first request it receives (possibly depending on which web method you're calling). 我通过允许在客户端终结点上模拟来解决此问题,Lists服务似乎对它接收到的第一个请求(可能取决于您正在调用的Web方法)要求模拟。 The Lists service will, confusingly, perform authentication and validation internally and if it fails, generate 401, or 500 responses which make it seem like your request is failing in IIS before hitting the service when in fact, the service method is executing and returning errors.
Lists服务将内部混乱地执行身份验证和验证,如果失败,则将生成401或500个响应,这实际上使您的请求在IIS中失败,然后击中该服务,而实际上该服务方法正在执行并返回错误。
<behaviors>
<endpointBehaviors>
<behavior name="SPServiceBehavior">
<clientCredentials>
<windows allowedImpersonationLevel="Impersonation" allowNtlm="True"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.