使用 Active Directory 授权的 WCF 服务 - 访问被拒绝错误
WCF Service Authorizing with Active Directory - Access Denied Error
我对通过 IIS 上托管的 HTTP 流量对域帐户进行 WCF 授权有疑问(none 生产,因此没有 ssl 证书可用于 Internet)
我想知道如何设置 windows 从客户端到我的 Web 服务的身份验证。目前我正在同一个 LAN 上进行测试,因此代理不是问题
我在这篇文章的末尾列出了尝试过的步骤 post
编辑: 发生的错误只是访问被拒绝,没有别的,从
尝试,赶上客户端应用程序。如果有办法获得更详细的信息,请告诉我,我会将结果添加到 post.
WCF 服务代码:
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Single, IncludeExceptionDetailInFaults = true)]
public class Data : IData
{
[PrincipalPermission(SecurityAction.Demand, Role=@"Administrators")]
public List<Incident> GetCases()
{
Queries query = new Queries();
List<Incident> iList = query.CallCases();
return iList;
}
}
WCF Web 配置绑定:
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="None">
<message clientCredentialType="Windows" algorithmSuite="Default"/>
</security>
</binding>
</wsHttpBinding>
WCF Web 配置行为:
<behavior name="Behaviour1">
<serviceMetadata httpGetEnabled="true" httpGetUrl=""/>
<serviceDebug includeExceptionDetailInFaults="true" />
<useRequestHeadersForMetadataAddress>
<defaultPorts>
<add scheme="http" port="9577" /> ///This port is correct
</defaultPorts>
</useRequestHeadersForMetadataAddress>
</behavior>
WCF Web 配置服务:
<service behaviorConfiguration="Behaviour1" name="WebService1.Data">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WebService1.IData">
<identity>
<dns value="demo.DomainName.co.uk" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
客户端应用程序(添加了服务引用)
DataClient client = new DataClient();
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
PrincipalPermission principalPerm = new PrincipalPermission(null, "Administrators");
principalPerm.Demand();
Console.WriteLine("Demand succeeded.");
client.ClientCredentials.Windows.ClientCredential.Domain = "Domain Name";
client.ClientCredentials.Windows.ClientCredential.UserName = "User Account";
client.ClientCredentials.Windows.ClientCredential.Password = "Password";
//client.ClientCredentials.UserName.UserName = @"UserAccount@domain.com";
//client.ClientCredentials.UserName.Password = "Password";
//client.ClientCredentials.UseIdentityConfiguration = true;
try
{
List<Incident> cases = client.GetCases().ToList();
foreach (Incident Inc in cases)
{
Console.WriteLine(Inc.CaseID);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
尝试的解决方案:
- 使用域和本地用户
- 将客户端凭据类型修改为基本、NTLM 和Windows
- 通过设置 IIS 来使用
- IIS 已启用基本和 Windows 身份验证
如果您需要更多信息,请随时询问。
感谢您提供的任何帮助
@Tim 给我指明了正确的方向,这就是解决方案:
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Message">
<message clientCredentialType="Windows" algorithmSuite="Default"/>
</security>
</binding>
</wsHttpBinding>
因为我没有 SSL 证书,所以我需要将安全模式设置为 Message,我感到很困惑,因为大多数人使用 SSL 进行测试,这也需要传输安全,我已将其设置为 None测试。
感谢蒂姆的帮助
我对通过 IIS 上托管的 HTTP 流量对域帐户进行 WCF 授权有疑问(none 生产,因此没有 ssl 证书可用于 Internet)
我想知道如何设置 windows 从客户端到我的 Web 服务的身份验证。目前我正在同一个 LAN 上进行测试,因此代理不是问题
我在这篇文章的末尾列出了尝试过的步骤 post
编辑: 发生的错误只是访问被拒绝,没有别的,从 尝试,赶上客户端应用程序。如果有办法获得更详细的信息,请告诉我,我会将结果添加到 post.
WCF 服务代码:
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Single, IncludeExceptionDetailInFaults = true)]
public class Data : IData
{
[PrincipalPermission(SecurityAction.Demand, Role=@"Administrators")]
public List<Incident> GetCases()
{
Queries query = new Queries();
List<Incident> iList = query.CallCases();
return iList;
}
}
WCF Web 配置绑定:
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="None">
<message clientCredentialType="Windows" algorithmSuite="Default"/>
</security>
</binding>
</wsHttpBinding>
WCF Web 配置行为:
<behavior name="Behaviour1">
<serviceMetadata httpGetEnabled="true" httpGetUrl=""/>
<serviceDebug includeExceptionDetailInFaults="true" />
<useRequestHeadersForMetadataAddress>
<defaultPorts>
<add scheme="http" port="9577" /> ///This port is correct
</defaultPorts>
</useRequestHeadersForMetadataAddress>
</behavior>
WCF Web 配置服务:
<service behaviorConfiguration="Behaviour1" name="WebService1.Data">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WebService1.IData">
<identity>
<dns value="demo.DomainName.co.uk" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
客户端应用程序(添加了服务引用)
DataClient client = new DataClient();
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
PrincipalPermission principalPerm = new PrincipalPermission(null, "Administrators");
principalPerm.Demand();
Console.WriteLine("Demand succeeded.");
client.ClientCredentials.Windows.ClientCredential.Domain = "Domain Name";
client.ClientCredentials.Windows.ClientCredential.UserName = "User Account";
client.ClientCredentials.Windows.ClientCredential.Password = "Password";
//client.ClientCredentials.UserName.UserName = @"UserAccount@domain.com";
//client.ClientCredentials.UserName.Password = "Password";
//client.ClientCredentials.UseIdentityConfiguration = true;
try
{
List<Incident> cases = client.GetCases().ToList();
foreach (Incident Inc in cases)
{
Console.WriteLine(Inc.CaseID);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
尝试的解决方案:
- 使用域和本地用户
- 将客户端凭据类型修改为基本、NTLM 和Windows
- 通过设置 IIS 来使用
- IIS 已启用基本和 Windows 身份验证
如果您需要更多信息,请随时询问。
感谢您提供的任何帮助
@Tim 给我指明了正确的方向,这就是解决方案:
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Message">
<message clientCredentialType="Windows" algorithmSuite="Default"/>
</security>
</binding>
</wsHttpBinding>
因为我没有 SSL 证书,所以我需要将安全模式设置为 Message,我感到很困惑,因为大多数人使用 SSL 进行测试,这也需要传输安全,我已将其设置为 None测试。
感谢蒂姆的帮助