WebServiceHost在IIS中禁用匿名身份验证后不起作用

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了WebServiceHost在IIS中禁用匿名身份验证后不起作用相关的知识,希望对你有一定的参考价值。

我有一个与ws.net集成并在IIS中部署的rest wcf服务。启用匿名身份验证时,此方法工作正常。当禁用它时,在邮递员中使用rest api调用时会引发401错误。在IIS中,启用了匿名身份验证和窗体身份验证。现在,我禁用了匿名和表单,并且仅启用了Windows身份验证。我的代码如下:

public class SampleWebServiceHostFactory : WebServiceHostFactory
    {
        private Type ContractServiceType;
        private static readonly log4net.ILog log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);

        public SampleWebServiceHostFactory(Type contractServiceType):base()
        {            
            ContractServiceType = contractServiceType;
        }

        protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
        {            
            WebServiceHost host = (WebServiceHost)base.CreateServiceHost(serviceType,baseAddresses);


            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
            WebHttpBinding mybinding = new WebHttpBinding(WebHttpSecurityMode.Transport);
            mybinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

            mybinding.MaxReceivedMessageSize = 2147483647;
            mybinding.TransferMode = TransferMode.StreamedRequest;
            mybinding.ReaderQuotas.MaxDepth = 1204;
            mybinding.ReaderQuotas.MaxStringContentLength = 2147483647;
            mybinding.ReaderQuotas.MaxArrayLength = 2147483647;
            mybinding.ReaderQuotas.MaxBytesPerRead = 2147483647;
            mybinding.ReaderQuotas.MaxNameTableCharCount = 2147483647;
            mybinding.SendTimeout = new TimeSpan(4,0,0);
            mybinding.ReceiveTimeout = new TimeSpan(4,0,0);

            host.AddServiceEndpoint(ContractServiceType, mybinding, "");
            host.Description.Behaviors.Add(new RestServiceBehavior());
            log.Info("Testing1");
            return host;
        }
    }

以下配置文件中的代码

<system.serviceModel>
    <client/>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="false"/>
          <serviceDebug httpHelpPageEnabled="false" httpsHelpPageEnabled="false" includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <webHttpBinding>
        <binding receiveTimeout="00:10:00" sendTimeout="00:10:00" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="64" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
        </binding>
      </webHttpBinding>
    </bindings>
  </system.serviceModel>

我已启用登录Global.asax的功能,以查看发生问题的位置。触发Session_Start方法后,我在上面的代码中看到日志行“ Testing1”。之后,没有日志记录,当我在浏览器中使用url时,它在邮递员中抛出401错误,并继续询问用户名和密码。

答案

现在我们已经在WebServiceHostFactory的构造函数中设置了配置,无需在配置文件中单独配置它。

      <webHttpBinding>
    <binding receiveTimeout="00:10:00" sendTimeout="00:10:00" maxReceivedMessageSize="2147483647">
      <readerQuotas maxDepth="64" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
    </binding>
  </webHttpBinding>

我建议您参考下面的Windows身份验证配置。

  <system.serviceModel>
    <services>
      <service name="WcfService3.Service1">
        <endpoint address="" behaviorConfiguration="rest" contract="WcfService3.IService1" binding="webHttpBinding" bindingConfiguration="https"></endpoint>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    <endpointBehaviors>
      <behavior name="rest">
        <webHttp helpEnabled="true"/>
      </behavior>
    </endpointBehaviors>
    </behaviors>
    <bindings>
      <webHttpBinding>
        <binding name="https">
          <security mode="Transport">
            <transport clientCredentialType="Windows">
            </transport>
          </security>
        </binding>
      </webHttpBinding>
    </bindings>
  </system.serviceModel>

之后,请在IIS中禁用其他身份验证模式。调用服务时,我们需要提供一对Windows凭据。enter image description here该凭据实际上是服务器端的Windows帐户,这使我们可以访问网站。请随时让我知道问题是否仍然存在。

以上是关于WebServiceHost在IIS中禁用匿名身份验证后不起作用的主要内容,如果未能解决你的问题,请参考以下文章

webDAV IIS6 身份验证不适用于匿名禁用

使用 Powershell 3.0 切换 IIS 7.5 身份验证“匿名身份验证”?

如何禁用 WCF 数据服务的身份验证方案

WCF - Windows 身份验证 - 安全设置需要匿名

匿名之前的 IIS Windows 身份验证

IIS 身份验证