[英]basicHttpBinding with basic authentication send first request with no user/pass data
當使用帶有基本身份驗證的WCF basicHttpBinding時,我注意到IIS重置后的第一個請求是在沒有用戶/傳遞數據的情況下發送的(沒有授權:Basic ....標頭數據)
碼:
client.ClientCredentials.UserName.UserName = "myUserName";
client.ClientCredentials.UserName.Password = "myPassword";
string anything = client.getValue(@"anyParam..");
配置:
<basicHttpBinding>
<binding name="ServiceNameHereServiceBinding" >
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" proxyCredentialType="None"
realm="">
</transport>
</security>
</binding>
</basicHttpBinding>
在Fidler監視之后,我發現,第一個請求始終返回401(根本沒有身份驗證標頭),然后另一個請求出現,並返回505錯誤。 之后,該服務將對所有進一步的請求都起作用。
我找到了解決方案,我想可以與您分享,可能會有所幫助。
解決方案在此處http://plainoldstan.blogspot.ca/2008/07/avoid-http-401-roundtrip-with-adding.html作者:Stanislav Dvoychenko
只需自己創建基本身份驗證標頭,而不是依靠客戶端來創建。 因為開箱即用的客戶端將認為端點已經是預先認證的。
// Assign client.ClientCredentials.UserName.UserName and client.ClientCredentials.UserName.Password
SetupClientAuthentication();
HttpRequestMessageProperty httpRequestProperty = new HttpRequestMessageProperty();
httpRequestProperty.Headers[HttpRequestHeader.Authorization] = "Basic " +
Convert.ToBase64String(Encoding.ASCII.GetBytes(client.ClientCredentials.UserName.UserName + ":" +
client.ClientCredentials.UserName.Password));
using (OperationContextScope scope = new OperationContextScope(client.InnerChannel))
{
OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] =
httpRequestProperty;
// Invoke client
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.