[英]basicHttpBinding with basic authentication send first request with no user/pass data
当使用带有基本身份验证的WCF basicHttpBinding时,我注意到IIS重置后的第一个请求是在没有用户/传递数据的情况下发送的(没有授权:Basic ....标头数据)
码:
client.ClientCredentials.UserName.UserName = "myUserName";
client.ClientCredentials.UserName.Password = "myPassword";
string anything = client.getValue(@"anyParam..");
配置:
<basicHttpBinding>
<binding name="ServiceNameHereServiceBinding" >
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" proxyCredentialType="None"
realm="">
</transport>
</security>
</binding>
</basicHttpBinding>
在Fidler监视之后,我发现,第一个请求始终返回401(根本没有身份验证标头),然后另一个请求出现,并返回505错误。 之后,该服务将对所有进一步的请求都起作用。
我找到了解决方案,我想可以与您分享,可能会有所帮助。
解决方案在此处http://plainoldstan.blogspot.ca/2008/07/avoid-http-401-roundtrip-with-adding.html作者:Stanislav Dvoychenko
只需自己创建基本身份验证标头,而不是依靠客户端来创建。 因为开箱即用的客户端将认为端点已经是预先认证的。
// Assign client.ClientCredentials.UserName.UserName and client.ClientCredentials.UserName.Password
SetupClientAuthentication();
HttpRequestMessageProperty httpRequestProperty = new HttpRequestMessageProperty();
httpRequestProperty.Headers[HttpRequestHeader.Authorization] = "Basic " +
Convert.ToBase64String(Encoding.ASCII.GetBytes(client.ClientCredentials.UserName.UserName + ":" +
client.ClientCredentials.UserName.Password));
using (OperationContextScope scope = new OperationContextScope(client.InnerChannel))
{
OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] =
httpRequestProperty;
// Invoke client
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.