WCF安全错误使用VS 2008的单元测试

Question

我跑了WCF服务我的第一个Visual Studio 2008的单元测试，我收到以下错误：

Test method UnitTest.ServiceUnitTest.TestMyService threw exception: System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized..

我也收到以下失败审核在安全日志：

Logon Failure: Reason: The user has not been granted the requested logon type at this machine
User Name: (Internet Guest Account)
Domain:
Logon Type: 3
Logon Process: IIS
Authentication Package:
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name:

我在Windows XP SP3机器上的IIS 6.0托管WCF服务。我为WCF服务虚拟目录选中了“匿名访问”和“集成Windows身份验证”。

下面是我的服务配置文件：

<system.serviceModel> 
    <services> 
     <bindings> 
      <basicHttpBinding> 
       <binding name="MyBinding"> 
       <security mode="None" /> 
      </binding> 
      </basicHttpBinding> 
      <customBinding> 
       <binding name="MyBinding"> 
       <transactionFlow /> 
        <textMessageEncoding /> 
        <httpsTransport authenticationScheme="Ntlm"/> 
       </binding> 
      </customBinding> 
      <wsHttpBinding> 
       <binding name="MyBinding"> 
        <security mode="None" /> 
       </binding> 
      </wsHttpBinding> 
     </bindings> 
     <service 
      behaviorConfiguration="Service1Behavior" 
      name="Service1" 
     > 
      <endpoint 
       address="" 
       binding="wsHttpBinding" 
       bindingConfiguration="MyBinding" 
       contract="IService1" 
      > 
       <identity> 
        <dns value="localhost" /> 
        </identity> 
      </endpoint> 
     </service> 
    </services> 
    <behaviors> 
     <serviceBehaviors> 
      <behavior name="Service1Behavior"> 
       <serviceMetadata httpGetEnabled="true" /> 
        <serviceDebug includeExceptionDetailInFaults="false" /> 
       </behavior> 
     </serviceBehaviors> 
    </behaviors> 
</system.serviceModel> 

Answer 1

我不得不改变以下IIS和WCF服务配置，让过去的 “协商，NTLM” 异常

IIS配置：

-- Unchecked "Anonymous Access" checkbox and check the "Integrated Windows authentication" checkbox in the directory security setting for the WCF Service virtual directory.

WCF服务：

-- implemented basicHttpBinding and configured the basicSettingBinding security setting to "TransportCredentialsOnly" mode and TransportClientCredentialType to "Windows"

这里是我的更新WCF服务配置：

<system.serviceModel> 
    <bindings> 
     <basicHttpBinding> 
      <binding name="windowsBasicHttpBinding"> 
       <security mode="TransportCredentialOnly"> 
        <transport clientCredentialType="Windows" /> 
       </security> 
      </binding> 
     </basicHttpBinding> 
    </bindings> 
    <services> 
     <service  
     behaviorConfiguration="CityOfMesa.ApprovalRouting.WCFService.RoutingServiceBehavior" 
      name="CityOfMesa.ApprovalRouting.WCFService.RoutingService" 
     > 
      <endpoint 
       binding="basicHttpBinding" bindingConfiguration="windowsBasicHttpBinding" 
       name="basicEndPoint"  
       contract="CityOfMesa.ApprovalRouting.WCFService.IRoutingService" 
      /> 
     </service> 
    </services> 
    <behaviors> 
     <serviceBehaviors> 
      <behavior 
       name="CityOfMesa.ApprovalRouting.WCFService.RoutingServiceBehavior" 
      > 
       <serviceMetadata httpGetEnabled="true" /> 
       <serviceDebug includeExceptionDetailInFaults="true" /> 
      </behavior> 
     </serviceBehaviors> 
    </behaviors> 
</system.serviceModel> 

Answer 2

默认认证窗口（或NTLM），所以你需要指定你不想在你的配置文件验证。

<system.serviceModel> 
    <bindings> 
    <wsHttpBinding> 
     <binding name="myBinding"> 
     <security mode="None" /> 
     </binding> 
    </bindings> 
</system.serviceModel> 

也这个属性添加到端点

bindingConfiguration="myBinding" 

的结合元素指定的wsHttpBinding的标准行为的修改。

那么“bindingConfiguration =” myBinding”端点上的属性说，端点应该使用我们指定的修改。

Answer 3

当你有SECURITYMODE =‘在你的绑定无’，你应该关闭集成的身份验证。

Answer 4

作为一个侧面说明.....有一个GPO设置 “NTLM身份验证级别”，这是控制验证导致单元测试生成“协商，NTLM”异常。