1
我身边有对托管在IIS(无生产所以没有SSL证书可用在互联网上使用)WCF服务中授权使用Active Directory - 拒绝访问错误
我的域帐户通过HTTP流量WCF授权问题我想知道如何将客户端的Windows身份验证设置为我的Web服务。我目前在同一个局域网上进行测试,以便代理是没有问题的
我已经包含在这篇文章的末尾
编辑的尝试步骤列表:正在发生的错误是只访问是拒绝,没有别的,从 尝试,抓住客户端应用程序。如果有办法获得更详细的信息,请让我知道,并将结果添加到帖子中。
WCF服务代码:
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Single, IncludeExceptionDetailInFaults = true)]
public class Data : IData
{
[PrincipalPermission(SecurityAction.Demand, [email protected]"Administrators")]
public List<Incident> GetCases()
{
Queries query = new Queries();
List<Incident> iList = query.CallCases();
return iList;
}
}
WCF Web配置绑定:
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="None">
<message clientCredentialType="Windows" algorithmSuite="Default"/>
</security>
</binding>
</wsHttpBinding>
WCF Web配置行为:
<behavior name="Behaviour1">
<serviceMetadata httpGetEnabled="true" httpGetUrl=""/>
<serviceDebug includeExceptionDetailInFaults="true" />
<useRequestHeadersForMetadataAddress>
<defaultPorts>
<add scheme="http" port="9577" /> ///This port is correct
</defaultPorts>
</useRequestHeadersForMetadataAddress>
</behavior>
WCF的Web配置服务:
<service behaviorConfiguration="Behaviour1" name="WebService1.Data">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WebService1.IData">
<identity>
<dns value="demo.DomainName.co.uk" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
客户端应用程序(增加了服务的参考)
DataClient client = new DataClient();
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
PrincipalPermission principalPerm = new PrincipalPermission(null, "Administrators");
principalPerm.Demand();
Console.WriteLine("Demand succeeded.");
client.ClientCredentials.Windows.ClientCredential.Domain = "Domain Name";
client.ClientCredentials.Windows.ClientCredential.UserName = "User Account";
client.ClientCredentials.Windows.ClientCredential.Password = "Password";
//client.ClientCredentials.UserName.UserName = @"[email protected]";
//client.ClientCredentials.UserName.Password = "Password";
//client.ClientCredentials.UseIdentityConfiguration = true;
try
{
List<Incident> cases = client.GetCases().ToList();
foreach (Incident Inc in cases)
{
Console.WriteLine(Inc.CaseID);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
尝试决议:
- 使用域和本地用户
- 修改使用客户端凭据类型基本,NTLM和Windows
- 设置IIS以使用
- IIS启用了基本和Windows身份验证
如果您需要更多信息,请不要犹豫,问。
感谢您的帮助,您可以提供
欢迎来到SO。你已经为第一次海报写了一个很好的问题,但我认为一小部分但重要的信息缺失 - 即你看到的是什么行为或错误?另外,我认为将'securityMode'设置为“None”可能会影响您正在尝试执行的操作 - 儿童安全设置可能会被忽略(这只是我的猜测)。 – Tim 2015-04-01 16:51:02
谢谢Tim,完全忘了补充一点,我现在已经添加了它。并感谢您的热烈欢迎 – 2015-04-01 17:43:36