Authentication Failed - Client to WCF to WCF Windows Authentication
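I have a Windows Forms application that calls a "business" WCF service. Let's call this Business1. Business1 then calls Service1 - I want the credentials from the client to flow through Business1 into Service1.
Currently, I get "Authentication Failed" from Business1 - the call never even gets to the second service.
I have configured the services as follows:
Business1 Config: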
<system.serviceModel>
<client>
<endpoint address="http://cdm/ecm/DocumentManagement.svc" binding="wsHttpBinding"
bindingConfiguration="ConversantDocumentManagement" contract="ECM.IDocumentManagement" behaviorConfiguration="DelegationBehavior"
name="ConversantDocumentManagement">
</endpoint>
</client>
<services>
<service name="Conversant.Applications.Services.Prosecution.ProsecutionService" behaviorConfiguration="ProsecutionServiceBehavior" >
<endpoint address="" binding="wsHttpBinding" name="ConversantProsecutionServiceEndpoint" contract="Conversant.Applications.Services.Prosecution.IProsecutionService" bindingConfiguration="ConversantProsecutionBinding"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="ConversantProsecutionBinding" maxReceivedMessageSize="2147483647">
<security mode="Message">
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
<binding name="ConversantDocumentManagement">
<security mode="Message">
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ProsecutionServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization impersonateCallerForAllOperations="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="DelegationBehavior">
<clientCredentials>
<windows allowedImpersonationLevel="Delegation" allowNtlm="true" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<protocolMapping>
<!--<add binding="basicHttpsBinding" scheme="https"/>
<add binding="wsHttpBinding" scheme="https"/>-->
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
Service1 Config:
<system.serviceModel>
<services>
<service behaviorConfiguration="ECMServiceBehavior" name="Conversant.Applications.Services.ECM.Authentication">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_Authentication"
name="ConversantDocumentManagement" contract="Conversant.Applications.Services.ECM.IAuthentication" >
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
<service behaviorConfiguration="ECMServiceBehavior" name="Conversant.Applications.Services.ECM.DocumentManagement">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_DocumentManagement"
name="ConversantDocumentManagement" contract="Conversant.Applications.Services.ECM.IDocumentManagement">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_DocumentManagement" receiveTimeout="00:05:00"
maxReceivedMessageSize="2147483647" />
<binding name="BasicHttpBinding_Authentication" />
<binding name="BasicHttpBinding_ContentService" messageEncoding="Mtom" />
<binding name="ECMServer_NoAuth" maxReceivedMessageSize="2147483647"
transferMode="Streamed">
<security mode="None" />
</binding>
<binding name="AuthenticationPortBinding" />
</basicHttpBinding>
<wsHttpBinding>
<binding name="wsHttpBinding_DocumentManagement" receiveTimeout="00:05:00"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" >
<security mode="Message">
<message clientCredentialType="Windows" negotiateServiceCredential="true"/>
</security>
</binding>
<binding name="wsHttpBinding_Authentication">
<security mode="Message">
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ECMServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization impersonateCallerForAllOperations="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="myBehavior">
<clientCredentials>
<windows allowedImpersonationLevel="Impersonation" allowNtlm="true" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Finally, for completeness, here is the Windows Forms client (well, at the moment it is actually a unit test client - but same idea)
Client Config:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="ConversantProsecutionServiceEndpoint" openTimeout="00:03:00"
receiveTimeout="00:05:00" sendTimeout="00:05:00">
<security mode="Message">
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://cdm/prosecution/ProsecutionService.svc"
binding="wsHttpBinding" bindingConfiguration="ConversantProsecutionServiceEndpoint"
contract="ProsecutionService.IProsecutionService" name="ConversantProsecutionServiceEndpoint" behaviorConfiguration="DelegationBehavior">
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="DelegationBehavior">
<clientCredentials>
<windows allowedImpersonationLevel="Delegation" allowNtlm="true" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
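I want the call from Business1 to Service1 to be made under the currently logged-in user.
domain\johndoe should be the user throughout the entire call.
Does anyone have a link to an example of impersonation/delegation with WCF?
Thanks!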
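If there is a multi-hop request and you want to pass Windows credentials from one server to another, you must set up a "Service Principal Name (SPN)" and "Delegation".
If you do not, the logged-in user's credentials cannot be passed in a multi-hop environment.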
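An added configuration example for the answer above (not part of the original posts): Business1's outbound endpoint to Service1, adapted from the question's config, with the target SPN stated explicitly and NTLM fallback disabled so that a Kerberos or SPN problem fails at this hop instead of degrading to a token that cannot be delegated. The SPN value HTTP/cdm is an assumed placeholder for whatever SPN is registered to the account Service1 runs under.

```xml
<!-- Added example, adapted from the Business1 config in the question.
     The servicePrincipalName value is a placeholder (assumption): use the
     SPN registered to the account that Service1 actually runs under. -->
<client>
  <endpoint address="http://cdm/ecm/DocumentManagement.svc" binding="wsHttpBinding"
            bindingConfiguration="ConversantDocumentManagement"
            contract="ECM.IDocumentManagement"
            behaviorConfiguration="DelegationBehavior"
            name="ConversantDocumentManagement">
    <!-- With no identity element, WCF derives host/cdm from the address;
         that SPN belongs to the computer account, so it does not match a
         service hosted under a separate domain account. -->
    <identity>
      <servicePrincipalName value="HTTP/cdm" />
    </identity>
  </endpoint>
</client>
<behaviors>
  <endpointBehaviors>
    <behavior name="DelegationBehavior">
      <clientCredentials>
        <!-- NTLM cannot carry the caller's identity across a second hop.
             allowNtlm="false" makes a failed Kerberos negotiation visible
             here rather than at Service1. -->
        <windows allowedImpersonationLevel="Delegation" allowNtlm="false" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
```

The account Business1 runs under still has to be trusted for delegation in Active Directory; restricting that trust to Service1's SPN (constrained delegation) keeps the forwarded identity from being usable against other services.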