stackoom
  简体   繁体   中英

Enable both Basic and Windows authentication

 原文  2013-10-15 13:37:34       c#/ .net/ wcf/ authentication/ iis-7

Question

My services are enabled using Windows authentication on IIS7. 

    <binding name="Soap.HttpsBinding" closeTimeout="00:05:00"
             openTimeout="00:05:00" receiveTimeout="00:05:00" sendTimeout="00:05:00">
      <security mode="Transport">
        <transport clientCredentialType="Windows" proxyCredentialType="None">
          <extendedProtectionPolicy policyEnforcement="WhenSupported" />
        </transport>
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>

My clients connect to it successfully using the same binding details.

I recently had a request to add Basic authentication to support some legacy systems. Everything I thought I knew said we can run both side by side.

I enabled Basic authentication, and the legacy systems can connect. However, all our existing WCF clients are now throwing the following exception:

MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Basic realm="mydomain.local",Negotiate,NTLM'.

  1. Why is Basic being listed first when it's beneath the others in the module list?
  2. Why are the clients not failing Basic and moving onto Negotiate? (surely they don't have to be identical)
  3. How can I support both Basic and Windows authentication on the same WCF service?

Regards, Rob.

1 answers

solution1
 1 ACCPTED  2013-11-20 11:05:02

Okay, it turns out this is one of the more misleading Microsoft error messages I've come across.

The 401 authentication error is being created on the initial request without any exception being logged in the event viewer.

The answer appears to be the use of system.webServer -> httpErrors

As I wanted to use the tilde (~) in the URL, I was setting my config to the following: 

<httpErrors>
  <clear />
  <error statusCode="401" responseMode="ExecuteURL" path="~/error.xml" />
</httpErrors>

Whether it was the use of tilde, or the ExecuteURL, I eventually found that using the following works: 

<httpErrors>
  <clear />
  <error statusCode="401" responseMode="File" path="/error.xml" />
</httpErrors>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Enable both Windows authentication and Anonymous authentication in an ASP.NET Core app enable Windows Authentication in Windows 8.1 WCF Client with both Basic and Client Certificate Authentication How to enable both CORS support and NTLM authentication How to enable Windows authentication with server side Blazor How to enable access to all origins in Web API with basic authentication enabled? How to enable windows authentication in conjunction with Owin token authentication in web api? How to enable SSL, Windows Authentication and Anonymous Authentication through Console Using both OWIN Cookie Authentication and Windows Authentication in the same MVC application Enabling Windows and Basic Authentication for ASP.NET Web API 2 Application
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM