使用客户端身份验证方案“匿名”对HTTP请求进行未经授权的授权？

Question

While trying to invoke a RESTful service(i have used UserNameAuthenticator from this sample for RESTful service Adding basic HTTP auth to a WCF REST service ) from my web client application am getting an error like 尝试调用RESTful服务时（我已从此示例中将UserNameAuthenticator用于RESTful服务，将基本HTTP身份验证添加到WCF REST服务）从我的Web客户端应用程序收到了类似的错误

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic Realm'.

Client CS code 客户端CS代码

BasicHttpBinding binding = new BasicHttpBinding();
binding.SendTimeout = TimeSpan.FromSeconds(25);
binding.Security.Transport.ClientCredentialType =
HttpClientCredentialType.Basic;
EndpointAddress address = new  EndpointAddress("http://localhost:12229/RestServiceImpl.svc");
ChannelFactory<RestService.IRestServiceImpl> factory =
new ChannelFactory<RestService.IRestServiceImpl>(binding, address);
RestService.IRestServiceImpl channel = factory.CreateChannel();
channel.GetStudent();

Client Web.config 客户端Web.config

<system.serviceModel>
    <services>
      <service name="RestService.RestServiceImpl">
        <endpoint address="http://localhost:12229/RestServiceImpl.svc"
          binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ExternalSystemsService_v1Interface"
          contract="RestService.IRestServiceImpl"
          name="ExternalSystemsService_v1Port" />
      </service>
    </services>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_ExternalSystemsService_v1Interface"
                         closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00"
                         sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false"
                         hostNameComparisonMode="StrongWildcard" maxBufferSize="65536"
                         maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                         messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                         useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="None" proxyCredentialType="None"
                realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
  </system.serviceModel>

and RESTful service Web.config 和RESTful服务Web.config

 <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="webHttpTransportSecurity">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
          </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="RestService.RestServiceImpl">
        <endpoint name="ExternalSystemsService_v1Port" address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ExternalSystemsService_v1Interface" contract="RestService.IRestServiceImpl"></endpoint>
      </service>
    </services>
    <behaviors>
      <endpointBehaviors>
        <behavior>
          <webHttp />
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="SecureRESTSvcTestBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="RESTfulSecuritySH.CustomUserNameValidator, RESTfulSecuritySH" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>

Any suggestion? 有什么建议吗？

Answer 1

One thing that sticks out to me is that in your Client CS Code you programmatically set the transport's client credential type: 我要注意的一件事是，您在客户端CS代码中以编程方式设置了传输的客户端凭据类型：

binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;

But in both the client and server configuration file you set the message client credential type. 但是，在客户端和服务器配置文件中，您都设置了消息客户端凭据类型。 Notice how the transport element's clientCredentialType attribute is set to "None" and message element's clientCredentialType is set to "UserName": 请注意，传输元素的clientCredentialType属性如何设置为“ None”，而消息元素的clientCredentialType如何设置为“ UserName”：

<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />

I always try to get it working in development with security turned off and then slowly turn it back on. 我总是尝试在关闭安全性的情况下使其在开发中正常工作，然后慢慢将其重新打开。

Also is this a new development project? 这也是一个新的开发项目吗？ I was curious why you're using WCF over ASP.NET Web API for a RESTful service. 我很好奇您为什么要通过ASP.NET Web API使用WCF来实现RESTful服务。

使用客户端身份验证方案“匿名”对HTTP请求进行未经授权的授权？

问题描述

1 个解决方案

解决方案1
1 2012-11-08 14:37:27

使用客户端身份验证方案“匿名”对HTTP请求进行未经授权的授权？

问题描述

1 个解决方案

解决方案1 1 2012-11-08 14:37:27

解决方案1
1 2012-11-08 14:37:27