为简单的 WCF 服务启用基本身份验证?
Turn on Basic Authentication for a simple WCF service?
我有一个非常简单的 WCF 网络服务,客户托管在他们自己的 IIS 上。
客户有自己的客户端,他们一直在他们的测试环境中对其进行测试,并且一切正常,直到他们禁用匿名身份验证并启用基本身份验证。一旦他们这样做了,他们就开始出现错误:
The authentication schemes configured on the host ('Basic') do not allow those configured on the binding 'BasicHttpBinding' ('Anonymous'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.
那么,我需要做什么才能使基本身份验证正常工作?
我的网络服务的当前 web.config:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
我有自己的测试客户端,我可以 运行 针对我的网络服务。当前 app.config:
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IMyServiceSvc" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/MyServiceSvc.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IMyServiceSvc"
contract="MyServiceSvc.IMyServiceSvc"
name="BasicHttpBinding_IMyServiceSvc" />
</client>
</system.serviceModel>
</configuration>
当我在我的本地 IIS 上安装该服务时,运行 客户端反对它,一切正常,启用了匿名身份验证。
我需要做什么才能在 IIS 中打开基本身份验证并将客户端和服务器配置为使用基本身份验证?
我当前的测试客户端代码:
public class BlackHillsCompletionSvcTest
{
static void Main(string[] args)
{
using (var client = new MyServiceSvcClient())
{
var data = new Data
{
id = "1",
description = "test data"
};
try
{
var result = client.receiveData(data);
}
catch (Exception ex)
{
var msg = ex.Message;
}
}
}
}
==尝试次数:==
根据 Pankaj Kapare 的建议,我将其添加到网络服务的 web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="httpBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
...
</system.serviceModel>
因此,我在创建客户端时遇到错误:
The binding at system.serviceModel/bindings/basicHttpBinding does not have a configured binding named 'BasicHttpBinding_IMyServiceSvc'. This is an invalid value for bindingConfiguration.
所以我把这个添加到客户的 app.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IMyServiceSvc">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
...
</system.serviceModel>
这样,我又遇到了另一个错误:
The username is not provided. Specify username in ClientCredentials.
所以我在客户端添加了用户名和密码:
using (var client = new MyServiceSvcClient())
{
client.ClientCredentials.UserName.UserName = "myusername";
client.ClientCredentials.UserName.Password = "mypassword";
...
}
然后,我又收到另一个错误:
The requested service, 'http://localhost/MyServiceSvc.svc' could not be activated. Which got me wondering. So I loaded the .svc page in my browser, was asked to log in, and after I did, I saw this:
The authentication schemes configured on the host ('Basic') do not allow those configured on the binding 'BasicHttpBinding' ('Anonymous'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
客户看到的是什么。
想法?
== 也许有解决办法? ==
我认为可能缺少的是在服务器上将绑定绑定到端点的服务定义:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="httpBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service
name="MyServiceSvcNs.MyServiceSvc"
behaviorConfiguration="ServiceWithMetaData"
>
<endpoint name="Default"
address=""
binding="basicHttpBinding"
bindingConfiguration="httpBinding"
contract="MyServiceSvcNs.IMyServiceSvc"
/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceWithMetaData">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
有了这个,一切似乎都奏效了。至少乍一看。
在服务web.config中配置你的basicHttpBinding如下
<bindings>
<basicHttpBinding>
<binding name="httpBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
好的,我明白了。
首先,在 IIS 管理器中,您需要关闭匿名身份验证,然后打开基本身份验证。这可能需要先启用基本身份验证,然后重新启动 IIS 管理器。这是基本的 IIS 内容,并不是我的问题的一部分。
然后,我们需要更改 Web 服务的 web.config。如果您还记得的话,它看起来像这样:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
我们需要将其更改为:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="httpTransportCredentialOnlyBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service
name="MyServiceSvcNs.MyServiceSvc"
behaviorConfiguration="ServiceWithMetaData"
>
<endpoint name="Default"
address=""
binding="basicHttpBinding"
bindingConfiguration="httpTransportCredentialOnlyBinding"
contract="MyServiceSvcNs.IMyServiceSvc"
/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceWithMetaData">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
我们正在做的是定义一个具有 TransportCredentialOnly 安全性的 basicHttpBinding。然后我们定义一个服务,有一个使用该绑定的端点。
然后在客户端,我们有:
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IMyServiceSvc" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/MyServiceSvc.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IMyServiceSvc"
contract="MyServiceSvc.IMyServiceSvc"
name="BasicHttpBinding_IMyServiceSvc" />
</client>
</system.serviceModel>
</configuration>
这需要更改为:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="httpTransportCredentialOnlyBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint
address="http://localhost/MyServiceSvc.svc"
binding="basicHttpBinding"
bindingConfiguration="httpTransportCredentialOnlyBinding"
contract="MyServiceSvc.IMyServiceSvc"
name="BasicHttpBinding_IMyServiceSvc"
/>
</client>
</system.serviceModel>
</configuration>
在这里,我们再次创建具有 TransportCredentialOnly 安全性的 basicHttpBinding,我们正在修改端点以使用它。
我有一个非常简单的 WCF 网络服务,客户托管在他们自己的 IIS 上。
客户有自己的客户端,他们一直在他们的测试环境中对其进行测试,并且一切正常,直到他们禁用匿名身份验证并启用基本身份验证。一旦他们这样做了,他们就开始出现错误:
The authentication schemes configured on the host ('Basic') do not allow those configured on the binding 'BasicHttpBinding' ('Anonymous'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.
那么,我需要做什么才能使基本身份验证正常工作?
我的网络服务的当前 web.config:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
我有自己的测试客户端,我可以 运行 针对我的网络服务。当前 app.config:
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IMyServiceSvc" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/MyServiceSvc.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IMyServiceSvc"
contract="MyServiceSvc.IMyServiceSvc"
name="BasicHttpBinding_IMyServiceSvc" />
</client>
</system.serviceModel>
</configuration>
当我在我的本地 IIS 上安装该服务时,运行 客户端反对它,一切正常,启用了匿名身份验证。
我需要做什么才能在 IIS 中打开基本身份验证并将客户端和服务器配置为使用基本身份验证?
我当前的测试客户端代码:
public class BlackHillsCompletionSvcTest
{
static void Main(string[] args)
{
using (var client = new MyServiceSvcClient())
{
var data = new Data
{
id = "1",
description = "test data"
};
try
{
var result = client.receiveData(data);
}
catch (Exception ex)
{
var msg = ex.Message;
}
}
}
}
==尝试次数:==
根据 Pankaj Kapare 的建议,我将其添加到网络服务的 web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="httpBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
...
</system.serviceModel>
因此,我在创建客户端时遇到错误:
The binding at system.serviceModel/bindings/basicHttpBinding does not have a configured binding named 'BasicHttpBinding_IMyServiceSvc'. This is an invalid value for bindingConfiguration.
所以我把这个添加到客户的 app.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IMyServiceSvc">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
...
</system.serviceModel>
这样,我又遇到了另一个错误:
The username is not provided. Specify username in ClientCredentials.
所以我在客户端添加了用户名和密码:
using (var client = new MyServiceSvcClient())
{
client.ClientCredentials.UserName.UserName = "myusername";
client.ClientCredentials.UserName.Password = "mypassword";
...
}
然后,我又收到另一个错误:
The requested service, 'http://localhost/MyServiceSvc.svc' could not be activated. Which got me wondering. So I loaded the .svc page in my browser, was asked to log in, and after I did, I saw this:
The authentication schemes configured on the host ('Basic') do not allow those configured on the binding 'BasicHttpBinding' ('Anonymous'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
客户看到的是什么。
想法?
== 也许有解决办法? ==
我认为可能缺少的是在服务器上将绑定绑定到端点的服务定义:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="httpBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service
name="MyServiceSvcNs.MyServiceSvc"
behaviorConfiguration="ServiceWithMetaData"
>
<endpoint name="Default"
address=""
binding="basicHttpBinding"
bindingConfiguration="httpBinding"
contract="MyServiceSvcNs.IMyServiceSvc"
/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceWithMetaData">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
有了这个,一切似乎都奏效了。至少乍一看。
在服务web.config中配置你的basicHttpBinding如下
<bindings>
<basicHttpBinding>
<binding name="httpBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
好的,我明白了。
首先,在 IIS 管理器中,您需要关闭匿名身份验证,然后打开基本身份验证。这可能需要先启用基本身份验证,然后重新启动 IIS 管理器。这是基本的 IIS 内容,并不是我的问题的一部分。
然后,我们需要更改 Web 服务的 web.config。如果您还记得的话,它看起来像这样:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
我们需要将其更改为:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="httpTransportCredentialOnlyBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service
name="MyServiceSvcNs.MyServiceSvc"
behaviorConfiguration="ServiceWithMetaData"
>
<endpoint name="Default"
address=""
binding="basicHttpBinding"
bindingConfiguration="httpTransportCredentialOnlyBinding"
contract="MyServiceSvcNs.IMyServiceSvc"
/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceWithMetaData">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
我们正在做的是定义一个具有 TransportCredentialOnly 安全性的 basicHttpBinding。然后我们定义一个服务,有一个使用该绑定的端点。
然后在客户端,我们有:
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IMyServiceSvc" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/MyServiceSvc.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IMyServiceSvc"
contract="MyServiceSvc.IMyServiceSvc"
name="BasicHttpBinding_IMyServiceSvc" />
</client>
</system.serviceModel>
</configuration>
这需要更改为:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="httpTransportCredentialOnlyBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint
address="http://localhost/MyServiceSvc.svc"
binding="basicHttpBinding"
bindingConfiguration="httpTransportCredentialOnlyBinding"
contract="MyServiceSvc.IMyServiceSvc"
name="BasicHttpBinding_IMyServiceSvc"
/>
</client>
</system.serviceModel>
</configuration>
在这里,我们再次创建具有 TransportCredentialOnly 安全性的 basicHttpBinding,我们正在修改端点以使用它。