
How to configure a WCF service with basicHttpBinding and Windows authentication and binary encoding

There are lots of existing questions/answers with subsets of my question (basicHttpBinding with Windows Authentication, using custom bindings, specifying binaryMessageEncoding). However, there are no existing answers with this particular combination of all THREE of those items.

I started with a simple WCF service using basicHttpBinding, with Windows authentication, so the bindings section looked like:

    <bindings>
        <basicHttpBinding>
            <binding name="BasicHttpWindowsBinding">
                <security mode="TransportCredentialOnly">
                    <transport clientCredentialType="Windows" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>

I tested the WCF service and it works just fine with respect to Windows authentication. But then, I wanted to utilize binary message encoding to boost performance. So, that's when I veered into custom binding territory because it appears that one can only specify binary message encoding for basicHttpBinding in a custom binding section, such as for example:

    <bindings>
        <customBinding>
            <binding name="BasicHttpWindowsBinding">
                <binaryMessageEncoding />
                <httpTransport />
            </binding>
        </customBinding>
    </bindings>

(And I need this EXACT combination of things; please don't advise me to switch to wsHttpBinding, or use netTcpBinding, etc.)

But now I have a problem (unless I'm missing something) because you can only specify the Windows authentication under the basicHttpBinding section, and you can only specify the binaryMessageEncoding for the http protocol under the customBinding section.

So my question is, how does one specify basicHttpBinding protocol, with Windows authentication, and using binaryMessageEncoding, if it is possible? (I have to be honest and admit that I am finding the configuration of WCF services to be very difficult to grok, at least when custom bindings are thrown into the mix...)

I THINK that the correct custom binding specifications would be:

    <bindings>
        <customBinding>
            <binding name="BasicHttpWindowsBinding">
                <binaryMessageEncoding />
                <httpTransport authenticationScheme="Windows" />
            </binding>
        </customBinding>
    </bindings>

... but is this really exactly equivalent to

    <bindings>
        <basicHttpBinding>
            <binding name="BasicHttpWindowsBinding">
                <security mode="TransportCredentialOnly">
                    <transport clientCredentialType="Windows" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>

... with respect to specifying Windows authentication (Kerberos, not just Ntlm) for the WCF service?

Windows Authentication:

    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpEndpointBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

HttpBinding:

    <services>
      <service behaviorConfiguration="ServiceBehavior" name="Service">
        <endpoint address="" binding="basicHttpBinding"
          bindingConfiguration="BasicHttpEndpointBinding"
          name="BasicHttpEndpoint" contract="IService">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding"
          contract="IMetadataExchange" />
      </service>
    </services>

So, I did some experimenting and (1) to really specify Kerberos-based Windows authentication in a custom binding, one would do it like so:

    <bindings>
        <customBinding>
            <binding name="BasicHttpWindowsBinding">
                <binaryMessageEncoding />
                <httpTransport authenticationScheme="IntegratedWindowsAuthentication" />
            </binding>
        </customBinding>
    </bindings>

However, with this specified in both the deployed-to-IIS client MVC web app's web.config file, and the deployed-to-IIS WCF service application's web.config file, I could not get this to work without getting various errors, from 401s to 'Kerberos cannot get a token', etc. (I did a ton of research and experimentation, made sure both the deployed client MVC web app and the deployed WCF service application (deployed to IIS Express 7.5 on my Windows 7 64-bit laptop by Visual Studio 2012 publish process) specify Windows authentication in their web.config files and that both IIS virtual directory / applications had Disable Anonymous Authentication and Enable Windows Authentication, etc. etc.)

I ended up just making the bindings section in the MVC client web app's web.config say:

    <bindings>
        <customBinding>
            <binding name="BasicHttpWindowsBinding">
                <binaryMessageEncoding />
                <httpTransport authenticationScheme="Ntlm" />
            </binding>
        </customBinding>
    </bindings>

but leaving "IntegratedWindowsAuthentication" in the deployed-to-IIS WCF service application's web.config bindings section. Then it worked just fine.

I am going to make a complete duplicate of my solution - MVC client app, WCF service library/application - and leave out the binaryMessageEncoding and just do basicHttpBinding with Windows authentication using the regular config sections (i.e., NOT utilizing a custom binding), to see if the same behavior exists or if IntegratedWindowsAuthentication can work from "end-to-end" (specified in WCF service application web.config's bindings section AND the MVC web app's web.config bindings section).

If specifying IntegratedWindowsAuthentication in both client and service web.config bindings sections DOES work with no problems, then I will know that either (1) there is an actual problem specifying IntegratedWindowsAuthentication on both the client and service sides when utilizing custom bindings, or (2) I just can't figure out how to make it work when specifying IntegratedWindowsAuthentication on both the client and service sides when utilizing custom bindings (that is, of course, unless the way it really IS supposed to be done is to say "IntegratedWindowsAuthentication" in the WCF service web.config and "Ntlm" in the MVC client web app's web.config).

Will add a short blurb with the results of the not-utilizing-custom-bindings (and therefore with the default text message encoding) experiment when I have time.
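The three `authenticationScheme` values tried in the custom bindings above can be checked mechanically against the `System.Net.AuthenticationSchemes` flags enum. The script below is an added example, not part of the original posts: `audit_bindings`, the finding strings and the binding names `Guess`, `Service` and `Client` are hypothetical, the sample config is constructed from the bindings quoted on this page, and only single enum member names are handled.

```python
import xml.etree.ElementTree as ET

# Bit values of the System.Net.AuthenticationSchemes flags enum.
SCHEMES = {"None": 0, "Digest": 1, "Negotiate": 2, "Ntlm": 4,
           "IntegratedWindowsAuthentication": 6, "Basic": 8, "Anonymous": 0x8000}

# Constructed sample: the three customBinding variants quoted on this page,
# renamed (hypothetical names) so each binding is unique.
SAMPLE = """
<bindings>
  <customBinding>
    <binding name="Guess">
      <binaryMessageEncoding />
      <httpTransport authenticationScheme="Windows" />
    </binding>
    <binding name="Service">
      <binaryMessageEncoding />
      <httpTransport authenticationScheme="IntegratedWindowsAuthentication" />
    </binding>
    <binding name="Client">
      <binaryMessageEncoding />
      <httpTransport authenticationScheme="Ntlm" />
    </binding>
  </customBinding>
</bindings>
"""

def audit_bindings(config_xml):
    """Return {binding name: [findings]} for each customBinding in a <bindings> section."""
    report = {}
    for binding in ET.fromstring(config_xml).findall(".//customBinding/binding"):
        findings = []
        for transport in binding:
            if transport.tag not in ("httpTransport", "httpsTransport"):
                continue
            scheme = transport.get("authenticationScheme", "Anonymous")
            bits = SCHEMES.get(scheme)
            if bits is None:  # e.g. "Windows" is a clientCredentialType, not a scheme
                findings.append("invalid scheme: " + scheme)
                continue
            if bits & SCHEMES["Negotiate"]:  # Negotiate may still fall back to NTLM
                findings.append("kerberos possible")
            if bits & SCHEMES["Ntlm"]:
                findings.append("ntlm scheme offered")
            if transport.tag == "httpTransport" and bits & 0x0F:
                findings.append("no TLS (httpTransport)")
        report[binding.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_bindings(SAMPLE).items():
        print(name, findings)
```
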
