[英]WCF SOAP Web Service with Windows Authentication stops working, after adding an HTTPS binding to IIS
我看到奇怪的行為。 當我向 IIS 添加 HTTPS 綁定時,我的 Web 服務停止工作。 無論我是否通過以“http://”或“https://”開頭的 URL 使用我的服務,都會發生這種情況。
來自我的服務的錯誤消息
在主機上配置的身份驗證方案 ('IntegratedWindowsAuthentication') 不允許在綁定 'BasicHttpsBinding' ('Anonymous') 上配置的那些。 請確保將 SecurityMode 設置為 Transport 或 TransportCredentialOnly。 此外,這可以通過以下方式解決:通過 IIS 管理工具、ServiceHost.Authentication.AuthenticationSchemes 屬性、元素的應用程序配置文件中、更新綁定上的 ClientCredentialType 屬性或調整HttpTransportBindingElement 上的 AuthenticationScheme 屬性。
我在 IIS 中添加的 HTTPS 綁定
在 IIS 中對我的服務進行身份驗證
我的服務的 web.config
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
問題
默認情況下,IIS 看起來像使用匿名身份驗證的 basicHttpsBinding。 我通過在我已經存在的無名 basicHttpBinding 下添加一個帶有 Windows 身份驗證的 basicHttpsBinding(再次無名,以便它覆蓋默認值)解決了這個問題。
<basicHttpsBinding>
<binding name="">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpsBinding>
為此,我使用了內置在 Visual Studio 中的 WCF 配置編輯器。 如果有人想知道所有這些設置來自哪里:
Microsoft 應該為 web.config 提供與 IIS 相同的結構,其中身份驗證獨立於綁定。 如果他們將配置留給 IIS 以便設置不會發生沖突,那就更好了。 他們真的把球丟在了這一點上。
我的服務的新 web.config
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
<basicHttpsBinding>
<binding name="">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpsBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.