basicHttpBinding身份驗證錯誤
[英]basicHttpBinding authentication error
問題描述
我是Web服務的新手,我需要使用wsHttpsBinding和basicHttpBinding為C#桌面應用程序對現有的Web服務實現basicHttpBinding 。 當我嘗試通過桌面應用程序使用該服務時,出現以下錯誤:
客戶端身份驗證方案“匿名”禁止HTTP請求。
具有basicHttpBinding和wsHttpsBinding的Web服務上的web.config文件如下所示:
<system.serviceModel>
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true"
maxMessagesToLog="25000">
<filters>
<clear />
</filters>
</messageLogging>
</diagnostics>
<behaviors>
<serviceBehaviors>
<behavior name="SecureBehave">
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust"/>
</clientCertificate>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="HIBridgeLib.HIBridgeService.Security.MessageSecurityValidator, HIBridgeLib"/>
<!--
<serviceCertificate findValue="WCfServer"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindBySubjectName" />
-->
</serviceCredentials>
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="True" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="HIBridge_SSLBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" negotiateServiceCredential="True" establishSecurityContext="True" />
</security>
</binding>
</wsHttpBinding>
<basicHttpBinding>
<binding name="HIBridge_BasicBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Certificate" proxyCredentialType="None" realm="" />
</security>
<readerQuotas maxStringContentLength="2147483647" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="HIBridgeWebService.HIBridgeService" behaviorConfiguration="SecureBehave">
<endpoint address="basic" binding="basicHttpBinding" bindingConfiguration="HIBridge_BasicBinding" contract="HIBridgeLib.HIBridgeService.IHIBridgeService"></endpoint>
<endpoint address="ws" binding="wsHttpBinding" bindingConfiguration="HIBridge_SSLBinding" contract="HIBridgeLib.HIBridgeService.IHIBridgeService"></endpoint>
<host>
<baseAddresses>
<add baseAddress="https://10.50.1.85:1125/HIBridge/HIBridgeService.svc" />
</baseAddresses>
</host>
</service>
</services>
userNameAuthentication看起來像這樣:
namespace HIBridgeLib.HIBridgeService.Security
{
public class MessageSecurityValidator : UserNamePasswordValidator
{
private const string USERNAME = "username";
private const string PASSWORD = "password";
public override void Validate(string userName, string password)
{
if (userName == null || password == null)
{
throw new ArgumentNullException();
}
if (USERNAME.Equals(userName) && PASSWORD.Equals(password))
{
}
else
{
throw new FaultException("Invalid Message Security Credentials");
}
}
}
}
我的桌面應用程序代碼看起來像這樣來使用Web服務:
ChannelFactory<HIBridgeLib.HIBridgeService.IHIBridgeService> myChannelFactory = null;
HIBridgeLib.HIBridgeService.IHIBridgeService HIBridgeService = null;
System.ServiceModel.BasicHttpBinding basicHTTPBinding = new System.ServiceModel.BasicHttpBinding();
basicHTTPBinding.Name = "HIBridge_BasicBinding";
basicHTTPBinding.OpenTimeout = TimeSpan.FromMinutes(1);
basicHTTPBinding.CloseTimeout = TimeSpan.FromMinutes(1);
basicHTTPBinding.SendTimeout = TimeSpan.FromMinutes(1);
basicHTTPBinding.ReceiveTimeout = TimeSpan.FromMinutes(10);
basicHTTPBinding.BypassProxyOnLocal = false;
basicHTTPBinding.HostNameComparisonMode = System.ServiceModel.HostNameComparisonMode.StrongWildcard;
basicHTTPBinding.MaxBufferPoolSize = 2147483647;
basicHTTPBinding.MaxReceivedMessageSize = 2147483647;
basicHTTPBinding.MessageEncoding = System.ServiceModel.WSMessageEncoding.Text;
basicHTTPBinding.TextEncoding = Encoding.UTF8;
basicHTTPBinding.UseDefaultWebProxy = true;
basicHTTPBinding.AllowCookies = false;
basicHTTPBinding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.TransportWithMessageCredential;
basicHTTPBinding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Certificate;
basicHTTPBinding.Security.Transport.ProxyCredentialType = System.ServiceModel.HttpProxyCredentialType.None;
basicHTTPBinding.Security.Transport.Realm = "";
System.ServiceModel.EndpointAddress endpointAddress = null;
if (LocalMedCart.CartProfile.ConsoleHostname.Contains("/HIBridge/HIBridgeService.svc"))
endpointAddress = new System.ServiceModel.EndpointAddress(LocalMedCart.CartProfile.ConsoleHostname + "/basic");
else
endpointAddress = new System.ServiceModel.EndpointAddress(string.Format("https://{0}:{1}/HIBridge/HIBridgeService.svc/basic", LocalMedCart.CartProfile.ConsoleHostname, LocalMedCart.CartProfile.CommunicationPort));
HIBridgeLib.HIBridgeService.Security.PermissiveCertificatePolicy.Enact(string.Format("CN={0}", LocalMedCart.CertificateName));
myChannelFactory = new ChannelFactory<HIBridgeLib.HIBridgeService.IHIBridgeService>(basicHTTPBinding, endpointAddress);
myChannelFactory.Credentials.UserName.UserName = "username";
HIBridgeService = myChannelFactory.CreateChannel();
//do something
((IClientChannel)HIBridgeService).Close();
myChannelFactory.Close();
是什么導致錯誤?
1 個解決方案
解決方案1
1 2015-01-01 23:27:14
聽起來您似乎專門針對該服務的basicHttpBinding 。 因此, wsHttpBinding設置與MessageSecurityValidator類無關。 通常,您的客戶端設置應與服務器設置匹配,服務器設置使用帶有客戶端證書證書的 transport安全性。 就WCF而言,該證書將標識用戶。 因此,您無需確保設置用戶名,而是需要確保使用的是服務器認可的有效證書。 不幸的是,我沒有足夠的信息來對您的證書到底有什么問題進行疑難解答,但請檢查一下:
- 您的本地證書存儲區(在運行桌面應用程序的計算機上)實際上具有該服務識別為有效的證書。
- 證書已正確指定。 MSDN建議使用類似於
myClient.ClientCredentials.ClientCertificate.SetCertificate(...)來提供證書。 (鏈接中的示例服務使用wsHttpBinding而不是basicHttpBinding,但是對於這方面的配置,它應該沒有任何區別。) - 托管服務的Web服務器實際上已配置為用於客戶端證書身份驗證。 一個參考建議建議在Web服務器上的管理員命令提示符下檢查
netsh http show sslcert的輸出,以查看是否為該站點啟用了協商客戶端證書。
使用basicHttpBinding和自定義UserNamePasswordValidator的WCF身份驗證?
[英]WCF Authentication using basicHttpBinding and custom UserNamePasswordValidator?
Windows Phone錯誤處理:具有BasicHttpBinding和TransportWithMessageCredential的WCF
[英]Windows Phone Error Handling: WCF with BasicHttpBinding and TransportWithMessageCredential
如何使用basicHttpBinding和Windows身份驗證以及二進制編碼配置WCF服務
[英]How to configure a WCF service with basicHttpBinding and windows authentication and binary encoding
具有基本身份驗證的basicHttpBinding發送沒有用戶/傳遞數據的第一個請求
[英]basicHttpBinding with basic authentication send first request with no user/pass data
使用Claims針對basicHttpBinding WCF服務進行Ntlm身份驗證
[英]Ntlm-authentication against basicHttpBinding WCF service, using Claims
使用basichttpBinding和流的transfermode的WCF中出現錯誤請求
[英]error Bad Request in WCF using basichttpBinding with transfermode of streamed
WCF服務-basicHttpBinding配置中的運行時錯誤將clientCredentialType傳輸到Basic
[英]WCF service - Getting Runtime error in basicHttpBinding configuration transport clientCredentialType to Basic
在主機(“ Basic”)上配置的身份驗證方案不允許在綁定“ BasicHttpBinding”上配置的身份驗證方案
[英]The authentication schemes configured on the host ('Basic') do not allow those configured on the binding 'BasicHttpBinding'
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
使用BasicHttpBinding進行身份驗證的WCF服務
使用請求偵聽器對 BasicHttpBinding 進行身份驗證
使用basicHttpBinding和自定義UserNamePasswordValidator的WCF身份驗證?
Windows Phone錯誤處理:具有BasicHttpBinding和TransportWithMessageCredential的WCF
如何使用basicHttpBinding和Windows身份驗證以及二進制編碼配置WCF服務
具有基本身份驗證的basicHttpBinding發送沒有用戶/傳遞數據的第一個請求
使用Claims針對basicHttpBinding WCF服務進行Ntlm身份驗證
使用basichttpBinding和流的transfermode的WCF中出現錯誤請求
WCF服務-basicHttpBinding配置中的運行時錯誤將clientCredentialType傳輸到Basic
在主機(“ Basic”)上配置的身份驗證方案不允許在綁定“ BasicHttpBinding”上配置的身份驗證方案
相關標簽