HTTP 请求未经客户端身份验证方案“基本”授权。从服务器收到的身份验证标头是“协商,NTLM”

Posted

技术标签:

【中文标题】HTTP 请求未经客户端身份验证方案“基本”授权。从服务器收到的身份验证标头是“协商,NTLM”【英文标题】:The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Negotiate,NTLM' 【发布时间】:2014-12-07 15:08:41 【问题描述】:

我正在尝试使用以下设置连接到服务。

<bindings>
  <basicHttpBinding>
    <binding name="EngineSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Basic" proxyCredentialType="None" realm=""/>
        <message clientCredentialType="UserName" algorithmSuite="Default"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<client>
  <endpoint address="http://addressToService" binding="basicHttpBinding" bindingConfiguration="EngineSoap" contract="TRIMAPI.EngineSoap" name="EngineSoap" />
</client>

我得到的错误如下:

The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace: 
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

我尝试将 clientCredentialType="Basic" 更改为“Windows”和“Ntlm”,但没有成功。我无法将安全模式设置为“TransportCredentialOnly”以外的任何内容,因为该服务不使用 SSL。

此外,用户名类似于“域\用户名”。

我错过了什么?

【问题讨论】:

看看这个thread它可能对你有帮助 @LukasKubis 试过了,但没用 @nick-s 你有这方面的最新消息吗? @DanielV 您是否尝试检查服务主机是否启用了“基本身份验证”? @nick-s 感谢更新,但问题与网络用户有关,而不是身份验证方法本身 【参考方案1】:

clientCredentialType 需要是 Ntlm 而不是 Basic

<bindings>
  <basicHttpBinding>
    <binding name="EngineSoap">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm=""/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

如果是 HTTPS/SSL 连接,则将 TransportCredentialOnly 更改为 Transport。 请参阅&lt;transport&gt; of &lt;basicHttpBinding&gt; 了解更多信息。

【讨论】:

【参考方案2】:

未启用托管服务的服务器 (IIS) 上的基本身份验证。启用它为我解决了这个问题。

【讨论】:

以上是关于HTTP 请求未经客户端身份验证方案“基本”授权。从服务器收到的身份验证标头是“协商,NTLM”的主要内容,如果未能解决你的问题,请参考以下文章

HTTP 请求未经客户端身份验证方案“基本”授权。从服务器收到的身份验证标头是“协商,NTLM”

HTTP 请求未经客户端身份验证方案“匿名”授权。使用 wsdl 文件

HTTP 请求未经客户端身份验证方案“Ntlm”授权

异常 = HTTP 请求未经客户端身份验证方案“匿名”授权

客户端身份验证方案“匿名”的 HTTP 请求未经授权?

HTTP 请求未经客户端身份验证方案“协商”授权