HTTP 请求未经客户端身份验证方案“基本”授权。从服务器收到的身份验证标头是“协商，NTLM”

Posted 2023-05-07

【中文标题】HTTP 请求未经客户端身份验证方案“基本”授权。从服务器收到的身份验证标头是“协商，NTLM”

【英文标题】：The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Negotiate,NTLM'

【发布时间】：2014-12-07 15:08:41

【问题描述】：

我正在尝试使用以下设置连接到服务。

<bindings>
  <basicHttpBinding>
    <binding name="EngineSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Basic" proxyCredentialType="None" realm=""/>
        <message clientCredentialType="UserName" algorithmSuite="Default"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<client>
  <endpoint address="http://addressToService" binding="basicHttpBinding" bindingConfiguration="EngineSoap" contract="TRIMAPI.EngineSoap" name="EngineSoap" />
</client>

我得到的错误如下：

The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace: 
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

我尝试将 clientCredentialType="Basic" 更改为“Windows”和“Ntlm”，但没有成功。我无法将安全模式设置为“TransportCredentialOnly”以外的任何内容，因为该服务不使用 SSL。

此外，用户名类似于“域\用户名”。

我错过了什么？

【问题讨论】：

看看这个thread它可能对你有帮助

@LukasKubis 试过了，但没用

@nick-s 你有这方面的最新消息吗？

@DanielV 您是否尝试检查服务主机是否启用了“基本身份验证”？

@nick-s 感谢更新，但问题与网络用户有关，而不是身份验证方法本身

【参考方案1】：

clientCredentialType 需要是 Ntlm 而不是 Basic

<bindings>
  <basicHttpBinding>
    <binding name="EngineSoap">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm=""/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

如果是 HTTPS/SSL 连接，则将 TransportCredentialOnly 更改为 Transport。 请参阅<transport> of <basicHttpBinding> 了解更多信息。

【参考方案2】：

未启用托管服务的服务器 (IIS) 上的基本身份验证。启用它为我解决了这个问题。