标题几乎说明了一切,我想我的配置WCF服务,使用户只能使用Kerberos身份验证,而不是NTLM(用于调试)。有什么办法可以做到吗?如何在服务器端配置WCF只允许Kerberos的?
在客户端,它显然是通过设置clientCredentials /窗口完成/ @ allowNtlm =“假”,但似乎是服务器没有相等的属性。
我的配置:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="rest">
<webHttp helpEnabled="true" defaultOutgoingResponseFormat="Xml" automaticFormatSelectionEnabled="false" faultExceptionEnabled="true" />
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service name="MyService">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="rss" contract="MyProject.IMyService" behaviorConfiguration="rest" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8732/Design_Time_Addresses/MyProject/MyService/"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="rss">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
</startup>
</configuration>
根据此Windows是Kerberos的。然而http://msdn.microsoft.com/en-us/library/ms729700.aspx – Paparazzi 2012-08-08 14:02:23
ServiceSecurityContext.Current.PrimaryIdentity.AuthenticationType在这种情况下,“NTLM”所以我相信认证回落到NTLM,而不是失败。 – 2012-08-08 14:17:46
你有什么尝试?当你不需要“NTLM”时,为什么要将AuthenticationType设置为“NTLM”? – Paparazzi 2012-08-08 14:23:03