.NET Core 上的 WCF 在授权方案中缺少客户端协商方案
Posted
技术标签:
【中文标题】.NET Core 上的 WCF 在授权方案中缺少客户端协商方案【英文标题】:WCF on .NET Core missing client Negotiate scheme in authorization scheme 【发布时间】:2018-12-14 17:34:24 【问题描述】:将 WCF 服务和 ASP.NET Core 网站移至服务器后,出现以下错误:
The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate, NTLM'.
我已使用以下 web.config 仅在 WCF 服务上启用了 Windows 身份验证:
<system.serviceModel>
<client />
<behaviors>
<serviceBehaviors>
<behavior name="authBehavior">
<serviceAuthorization principalPermissionMode="UseWindowsGroups">
<authorizationPolicies>
<add policyType="WCF.AuthorizationPolicy, WCF" />
</authorizationPolicies>
</serviceAuthorization>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCF.IdentityValidator, WCF" />
<serviceCertificate findValue="16E86CCAFFE6211DAE6E841B984F71FB7609D349" storeLocation="LocalMachine" x509FindType="FindBySerialNumber" storeName="My" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpsBinding>
<binding name="basicHttpsEndpointBinding" maxReceivedMessageSize="1073741824" maxBufferSize="1073741824" maxBufferPoolSize="1073741824">
<readerQuotas maxDepth="32" maxArrayLength="1073741824" maxStringContentLength="1073741824" />
<security mode="Transport">
<transport clientCredentialType="Ntlm" />
</security>
</binding>
</basicHttpsBinding>
</bindings>
<services>
<service name="WCF.MyService" behaviorConfiguration="authBehavior">
<endpoint address="" binding="basicHttpsBinding" bindingConfiguration="basicHttpsEndpointBinding" contract="WCF.IMyService">
<identity>
<dns value="example.com" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
ASP.NET Core 客户端:
BasicHttpsBinding binding = new BasicHttpsBinding
MaxBufferPoolSize = 1073741824,
MaxBufferSize = 1073741824,
MaxReceivedMessageSize = 1073741824
;
binding.ReaderQuotas.MaxDepth = 32;
binding.ReaderQuotas.MaxArrayLength = 1073741824;
binding.ReaderQuotas.MaxStringContentLength = 1073741824;
binding.Security.Mode = BasicHttpsSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
MyServiceClient client = new MyServiceClient(binding, new EndpointAddress(new Uri("https://example.com/MyService.svc"), new DnsEndpointIdentity("mydomain.com")));
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
client.ClientCredentials.Windows.ClientCredential.Domain = Configuration.GetSection("WCF")["MyServiceDomain"];
client.ClientCredentials.Windows.ClientCredential.UserName = Configuration.GetSection("WCF")["MyServiceUserName"];
client.ClientCredentials.Windows.ClientCredential.Password = Configuration.GetSection("WCF")["MyServicePassword"];
// client call
我想不出什么是错的。如果我在配置/代码中将 Ntlm 更改为 Windows,则客户端身份验证方案“协商”会出错。我是否可以同时使用两者,或者我必须以某种方式从 IIS 中删除 Negotiate/Ntlm?
感谢您的任何想法!
解决方案!
方法一来自https://blogs.msdn.microsoft.com/distributedservices/2009/11/10/wcf-calling-wcf-service-hosted-in-iis-on-the-same-machine-as-client-throws-authentication-error/文章
需要重启服务器!
【问题讨论】:
您可能会发现this post 很有见地。 好吧,如果另一个项目已经编写并且它可以在 localhost 但不能在服务器上运行,那就太糟糕了:D 无论如何我通过阅读文章解决了问题:blogs.msdn.microsoft.com/distributedservices/2009/11/10/… 这解决了我的问题 将解决方案发布为答案并接受。 当然.. 我只需要等待 2 天就可以接受它:D 【参考方案1】:我发现这篇文章为我的问题提供了解决方案
文章:https://blogs.msdn.microsoft.com/distributedservices/2009/11/10/wcf-calling-wcf-service-hosted-in-iis-on-the-same-machine-as-client-throws-authentication-error/
使用方法一,需要重启服务器!
在注册表中我使用 CNAME 之类的
mySubdomain
mySubdomain.myDomain.com
localhost
192.168.0.xxx
192.168.0.1 (default gateway)
xx.xx.xx.xx (my ip address)
【讨论】:
以上是关于.NET Core 上的 WCF 在授权方案中缺少客户端协商方案的主要内容,如果未能解决你的问题,请参考以下文章
.Net Core 1.1 上的 OData v4 缺少 /$metadata
忽略 ASP.NET Core 3.1 中的 WCF 证书错误
在 ASP .net core 2.1 中使用 WCF 或 Reporting Services 和 AlanJuden MvcReportViewer 的超时问题