Web Service over HTTP with NTLM Authentication
We are trying to create a Web Service which will be consumed over HTTP (not HTTPS), and using NTLM/Windows authentication. Unfortunately, we can't seem to find that "perfect" combination. No matter what we try, using Windows authentication always seems to want to force us to use HTTPS; and using HTTP seems to ignore all attempts at Windows authentication.
Here is our app.config thus far:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="wsSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://xyz/xyz/xyzws.asmx" binding="basicHttpBinding"
bindingConfiguration="xyzwsSoap" contract="xyzws.xyzwsSoap"
name="xyzwsSoap" />
</client>
</system.serviceModel>
</configuration>
We've also tried creating a new binding using wsHttpBinding instead of basicHttpBinding, but that didn't work either. Can anyone point us in the right direction?
For Windows Authentication, your security mode needs to be set to TransportCredentialOnly:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
Also make sure that your server and client configurations are in sync.
On your server application (the one that hosts the service), in Web.config under system.serviceModel/behaviors/serviceBehaviors, you need to create a new behaviour.
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="internalBehaviour">
<serviceAuthenticationManager authenticationSchemes="Ntlm"/>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
Then, in the same <system.serviceModel>, in the <bindings> section, create:
<bindings>
<basicHttpBinding>
<binding name="internal" >
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
Then, in the same <system.serviceModel>, in the <services> section (where you are configuring the service you are trying to expose):
<services>
<service behaviorConfiguration="internalBehaviour" name="Corp.WebServices.CorePricingService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="internal" name="ConveyancingEndpoint" contract="Corp.Core.Interfaces.ICorePricingService" />
</service>
</services>
</system.serviceModel>
(Change contract obviously)
Then, if you are running it from IIS Express in Visual Studio (or IIS), go to applicationhost.config. On Win7:
IISExpress: C:\Users\[username]\Documents\IISExpress\config
IIS: %WINDIR%\System32\inetsrv\config\applicationHost.config
Find the <authentication> section for your website, set everything (but <windowsAuthentication enabled="true">) to false, and comment out <!--<add value="Negotiate" />--> (or delete it):
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="true">
<providers>
<!--<add value="Negotiate" />-->
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
Then in your client app, in Web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="ConveyancingEndpoint">
<security mode="TransportCredentialOnly" >
<transport clientCredentialType="Ntlm"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:53769/CorePricingService.svc" binding="basicHttpBinding" bindingConfiguration="ConveyancingEndpoint" contract="ServiceReference2.ICorePricingService" name="ConveyancingEndpoint">
</endpoint>
</client>
</system.serviceModel>
You might need to set up Windows authentication on your local machine.
Hope this saves you some time.
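As an added example (not part of the original posts), the Python script below audits WCF config XML for the points this thread turns on: an endpoint whose bindingConfiguration names no defined binding, a `<transport>` Windows credential under Message mode, TransportCredentialOnly bindings, includeExceptionDetailInFaults left on, and whether client and server bindings are in sync. The function names, finding codes and trimmed sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def bindings(root):
    """Map (binding type, name) -> (security mode, transport clientCredentialType)."""
    found = {}
    for group in root.iter("bindings"):
        for btype in group:
            for b in btype.findall("binding"):
                sec = b.find("security")
                tr = sec.find("transport") if sec is not None else None
                found[(btype.tag, b.get("name"))] = (
                    sec.get("mode") if sec is not None else None,
                    tr.get("clientCredentialType") if tr is not None else None)
    return found

def audit(xml_text):
    root = ET.fromstring(xml_text)
    known, findings = bindings(root), []
    for ep in root.iter("endpoint"):
        ref = ep.get("bindingConfiguration")
        if ref and (ep.get("binding"), ref) not in known:
            findings.append(("DANGLING_BINDING", ref))  # no binding by that name
    for (_, name), (mode, cred) in known.items():
        if mode == "TransportCredentialOnly":  # authenticates only; body unprotected
            findings.append(("NO_TRANSPORT_PROTECTION", name))
        if mode == "Message" and cred == "Windows":  # <transport> not used in this mode
            findings.append(("TRANSPORT_CREDENTIAL_UNUSED", name))
    for dbg in root.iter("serviceDebug"):
        if dbg.get("includeExceptionDetailInFaults", "").lower() == "true":
            findings.append(("FAULT_DETAIL_EXPOSED", "serviceDebug"))
    return findings

def in_sync(server_xml, client_xml):
    """True when each client binding's (mode, credential) pair exists on the server."""
    server = set(bindings(ET.fromstring(server_xml)).values())
    return all(v in server for v in bindings(ET.fromstring(client_xml)).values())

# Constructed samples: the question's client config and the answer's server config, trimmed.
QUESTION = """<configuration><system.serviceModel><bindings><basicHttpBinding>
<binding name="wsSoap"><security mode="Message"><transport clientCredentialType="Windows"/>
</security></binding></basicHttpBinding></bindings><client>
<endpoint binding="basicHttpBinding" bindingConfiguration="xyzwsSoap"/></client>
</system.serviceModel></configuration>"""
SERVER = """<configuration><system.serviceModel><behaviors><serviceBehaviors>
<behavior name="internalBehaviour"><serviceDebug includeExceptionDetailInFaults="true"/>
</behavior></serviceBehaviors></behaviors><bindings><basicHttpBinding><binding name="internal">
<security mode="TransportCredentialOnly"><transport clientCredentialType="Ntlm"/></security>
</binding></basicHttpBinding></bindings></system.serviceModel></configuration>"""
if __name__ == "__main__":
    print(audit(QUESTION), audit(SERVER), in_sync(SERVER, QUESTION))
```

TransportCredentialOnly gives HTTP-level client authentication only, with no confidentiality or integrity for the message body, so the NO_TRANSPORT_PROTECTION finding marks services that should stay on a trusted network segment or move to Transport mode over HTTPS.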